CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

GHSA-387m-935m-c4vw: Micronaut doesn't set a maximum redirect count for its HTTP Client, enabling infinite loop DoS

highCVSS 7.5
The Netty-based Micronaut HTTP Client does not impose a limit on HTTP redirections, potentially allowing an infinite redirect loop that could lead to a denial-of-service attack. Patches The following versions are patched: - For Micronaut 5, versions equal or greater than 5.0.1 >= - For Micronaut 4, versions equal or greater than 4.10.24 >= - For Micronaut 3, versions equal or greater than 3.10.7 >= Workarounds No Resources Micronaut 5 Patch: https://github.com/micronaut-projects/micronaut-core/commit/6e88a972718d6e1521c5b3bb7766451798dba4e3 Micronaut 4 Patch: https://github.com/micronaut-projects/micronaut-core/commit/f1dffffec8fb5e3b7e94ae907ce0be3831e499d4 Micronaut 3 Patch: https://github.com/micronaut-projects/micronaut-core/commit/c06a2715ca7f78321bc3ca05f41cca78cd351320

Details

Source
GitHub Security Advisories (INTL · database · site)
Severity
high — CVSS 7.5
Published
2026-07-09
Last updated
2026-07-09
Exploitation
Not in CISA KEV at last sync

Original advisory: https://github.com/advisories/GHSA-387m-935m-c4vw

More from GitHub Security Advisories