CVE-2023-34054 - Denial of Service (DoS)

Severity: None

2024-02-16


Abstract

In Reactor Netty HTTP Server, versions 1.1.x prior to 1.1.13 and versions 1.0.x prior to 1.0.39, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Specifically, an application is vulnerable if Reactor Netty HTTP Server built-in integration with Micrometer is enabled.

The Oxygen products incorporate Reactor Netty HTTP Server as a third-party library. This advisory was opened to address the potential impact of this third-party library vulnerability.

Affected Products/Versions

| Product | Severity | Fixed Release Availability |
|---|---|---|
| Oxygen Content Fusion v6.0 and older | None | Oxygen Content Fusion 6.0 build 2023122005 |

Mitigation

None

Detail

CVE-2023-34054

Severity: High

CVSS Score: 7.5

The Reactor Netty HTTP Server third-party library used by Oxygen XML products is one of the affected versions mentioned in the CVE-2023-34054 vulnerability description. However, Oxygen XML products do not use metrics / Micrometer. For that reason, Oxygen XML products are not affected by this vulnerability.
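The same triage reasoning (version inside an affected range, and exposure only when the built-in Micrometer integration is enabled) can be applied to your own dependency tree. The script below is an added example, not code from Oxygen or Reactor Netty. It assumes the HTTP server resolves as the Maven artifact `io.projectreactor.netty:reactor-netty-http`; the sample tree lines are constructed, and `metrics_enabled` is an input you establish by reviewing the application.

```python
import re

# Fix versions per release line, from the advisory: 1.1.x < 1.1.13, 1.0.x < 1.0.39.
FIXED_PATCH = {(1, 1): 13, (1, 0): 39}

# Assumption: the HTTP server is the Maven artifact reactor-netty-http.
COORD = re.compile(
    r"io\.projectreactor\.netty:reactor-netty-http:jar:"
    r"(\d+)\.(\d+)\.(\d+)(-[\w.]+)?"
)

# Constructed sample of `mvn dependency:tree` output lines.
SAMPLE_TREE = """\
[INFO] +- io.projectreactor.netty:reactor-netty-http:jar:1.1.12:compile
[INFO] +- io.projectreactor.netty:reactor-netty-http:jar:1.0.39:compile
[INFO] +- io.projectreactor.netty:reactor-netty-http:jar:1.1.13-SNAPSHOT:compile
"""


def classify(major, minor, patch, qualifier, metrics_enabled):
    """Apply the advisory's two conditions to one resolved version."""
    fixed = FIXED_PATCH.get((major, minor))
    if fixed is None or patch > fixed or (patch == fixed and not qualifier):
        return "not in a listed affected range"
    if patch == fixed:
        # Pre-release builds of the fix version may predate the fix itself.
        return "pre-release of fix version, review manually"
    if metrics_enabled:
        return "affected"
    return "affected version present, Micrometer integration not enabled"


def triage(dependency_tree, metrics_enabled):
    """Return (version, status) for every reactor-netty-http entry found.

    metrics_enabled is an input established by reviewing the application's
    code and configuration; this script cannot infer it from the tree.
    """
    findings = []
    for m in COORD.finditer(dependency_tree):
        major, minor, patch = (int(m.group(i)) for i in (1, 2, 3))
        qualifier = m.group(4) or ""
        status = classify(major, minor, patch, qualifier, metrics_enabled)
        findings.append((f"{major}.{minor}.{patch}{qualifier}", status))
    return findings


if __name__ == "__main__":
    for version, status in triage(SAMPLE_TREE, metrics_enabled=False):
        print(f"{version}: {status}")
```
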
