{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-22T02:32:01.590","vulnerabilities":[{"cve":{"id":"CVE-2023-34062","sourceIdentifier":"security@vmware.com","published":"2023-11-15T10:15:07.277","lastModified":"2024-11-21T08:06:30.190","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In Reactor Netty HTTP Server, versions 1.1.x prior to 1.1.13 and versions 1.0.x prior to 1.0.39, a malicious user can send a request using a specially crafted URL that can lead to a directory traversal attack.\n\nSpecifically, an application is vulnerable if Reactor Netty HTTP Server is configured to serve static resources.\n\n\n"},{"lang":"es","value":"En Reactor Netty HTTP Server, versiones 1.1.x anteriores a 1.1.13 y versiones 1.0.x anteriores a 1.0.39, un usuario malintencionado puede enviar una solicitud utilizando una URL especialmente manipulada que puede provocar un ataque Directory Traversal. Específicamente, una aplicación es vulnerable si el servidor HTTP Reactor Netty está configurado para servir recursos estáticos."}],"metrics":{"cvssMetricV31":[{"source":"security@vmware.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:pivotal:reactor_netty:*:*:*:*:*:*:*:*","versionStartIncluding":"1.0.0","versionEndExcluding":"1.0.39","matchCriteriaId":"4510B84A-88E7-49FB-96C3-9EC35F850DE9"},{"vulnerable":true,"criteria":"cpe:2.3:a:pivotal:reactor_netty:*:*:*:*:*:*:*:*","versionStartIncluding":"1.1.0","versionEndExcluding":"1.1.13","matchCriteriaId":"6C4793FB-0D8F-4B59-A9A7-22CFCA249735"}]}]}],"references":[{"url":"https://spring.io/security/cve-2023-34062","source":"security@vmware.com","tags":["Vendor Advisory"]},{"url":"https://spring.io/security/cve-2023-34062","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}