CVE-2023-34054: 
Java vulnerability analysis and mitigation

In Reactor Netty HTTP Server, versions 1.1.x prior to 1.1.13 and versions 1.0.x prior to 1.0.39, a vulnerability was discovered that could allow users to cause a denial-of-service (DoS) condition through specially crafted HTTP requests. The vulnerability specifically affects applications that have enabled Reactor Netty HTTP Server's built-in integration with Micrometer (Spring Advisory, NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 7.5 (HIGH) by NIST with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, while VMware assessed it with a score of 5.3 (MEDIUM) with vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L. The vulnerability is triggered when the Reactor Netty HTTP Server's built-in integration with Micrometer is enabled, allowing attackers to exploit the system through specially crafted HTTP requests (NVD).

When successfully exploited, this vulnerability can result in a denial-of-service condition, potentially making the affected service unavailable to legitimate users. The impact is primarily focused on system availability, with no direct effect on confidentiality or integrity (Spring Advisory).

Users are advised to upgrade to the patched versions: Reactor Netty version 1.1.13 for 1.1.x users or version 1.0.39 for 1.0.x users. As a temporary workaround, users can disable the Reactor Netty HTTP Server built-in integration with Micrometer (Spring Advisory).