What is CVE-2022-21700?

CVE-2022-21700 is a medium-severity vulnerability in Micronaut-projects Micronaut-core, classified under Uncontrolled Resource Consumption. CVSS score: 5.3/10. Published 2022-01-18.

How severe is CVE-2022-21700?

Medium severity. CVSS v3 base score is 5.3 out of 10.

Resource exhaustion in Micronaut-projects Micronaut-core

CVE-2022-21700

Micronaut is a JVM-based, full stack Java framework designed for building JVM web applications with support for Java, Kotlin and the Groovy language. In affected versions sending an invalid Content Type header leads to memory leak in Defau…

Vulnerability class: DoS (Denial of Service)

EPSS: 0.003 (55.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L.

Affected products

Micronaut-projects Micronaut-core — versions < 3.2.7

Weakness classification (CWE)

CWE-400 — Uncontrolled Resource Consumption

References

github.com/micronaut-projects/micronaut-core/security/advisories/GHSA-2457-2263… (x_refsource_CONFIRM)
github.com/micronaut-projects/micronaut-core/commit/b8ec32c311689667c69ae7d9f9c… (x_refsource_MISC)

Frequently asked questions

What is CVE-2022-21700?: CVE-2022-21700 is a medium-severity vulnerability in Micronaut-projects Micronaut-core, classified under Uncontrolled Resource Consumption. CVSS score: 5.3/10. Published 2022-01-18.
How severe is CVE-2022-21700?: Medium severity. CVSS v3 base score is 5.3 out of 10.