CVE-2026-33012

EPSS 0.16%
Veröffentlicht 20.03.2026 04:43:07
Zuletzt bearbeitet 24.03.2026 21:21:44
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Micronaut Framework is a JVM-based full stack Java framework designed for building modular, easily testable JVM applications.  Versions 4.7.0 through 4.10.16 used an unbounded ConcurrentHashMap cache with no eviction policy in its DefaultHtmlErrorResponseBodyProvider. If the application throws an exception whose message may be influenced by an attacker, (for example, including request query value parameters) it could be used by remote attackers to cause an unbounded heap growth and OutOfMemoryError, leading to DoS. This issue has been fixed in version 4.10.7.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Objectcomputing ≫ Micronaut Version >= 4.7.0 < 4.10.17

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.16%	0.365

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security-advisories@github.com	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-770 Allocation of Resources Without Limits or Throttling

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

https://github.com/micronaut-projects/micronaut-core/security/advisories/GHSA-2hcp-gjrf-7fhc

Vendor Advisory

https://github.com/micronaut-projects/micronaut-core/commit/1e2ba2c14386af3d47751732d02053a72b0b49b3

Patch

https://github.com/micronaut-projects/micronaut-core/releases/tag/v4.10.17

Release Notes

https://nvd.nist.gov/vuln/detail/CVE-2026-33012

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-33012

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-33012

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-33012