Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Micronaut Framework vulnerable to a Denial of Service in HTML error response caching
Vulnerability Description
Micronaut Framework is a JVM-based full stack Java framework designed for building modular, easily testable JVM applications. Versions 4.7.0 through 4.10.16 used an unbounded ConcurrentHashMap cache with no eviction policy in its DefaultHtmlErrorResponseBodyProvider. If the application throws an exception whose message may be influenced by an attacker, (for example, including request query value parameters) it could be used by remote attackers to cause an unbounded heap growth and OutOfMemoryError, leading to DoS. This issue has been fixed in version 4.10.7.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
不加限制或调节的资源分配
Vulnerability Title
Micronaut Framework 安全漏洞
Vulnerability Description
Micronaut Framework是Micronaut基金会的一个基于 JVM 的现代全栈 Java 框架。 Micronaut Framework 4.7.0版本至4.10.16版本存在安全漏洞,该漏洞源于DefaultHtmlErrorResponseBodyProvider使用无限制的ConcurrentHashMap缓存,可能导致堆无限增长和拒绝服务。
CVSS Information
N/A
Vulnerability Type
N/A