CVE-2026-33013 in micronaut-core情報

要約

〜によって MITRE • 2026年03月20日

Micronaut Framework is a JVM-based full stack Java framework designed for building modular, easily testable JVM applications. Versions prior to both 4.10.16 and 3.10.5 do not correctly handle descending array index order during form-urlencoded body binding in theJsonBeanPropertyBinder::expandArrayToThreshold, which allows remote attackers to cause a DoS (non-terminating loop, CPU exhaustion, and OutOfMemoryError) via crafted indexed form parameters (e.g., authors[1].name followed by authors[0].name). This issue has been fixed in versions 4.10.16 and 3.10.5.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

責任者

GitHub M

予約する

2026年03月17日

公開

2026年03月20日

モデレーション

承諾済み

エントリ

VDB-351854

CPE

準備完了

CWE

CWE-835 (確認済み)

CVSS

7.5 (NVD)

EPSS

0.00288

KEV

いいえ

アクティビティ

非常低い

セクター

Chemical, Education, ...

ソース

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-33013
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-33013
CVE Details	https://www.cvedetails.com/cve/CVE-2026-33013/

◂ 前概要次 ▸

Might our Artificial Intelligence support you?

Check our Alexa App!