CVE-2020-5403: DoS Via Malformed URL with Reactor Netty HTTP Server
Reactor Netty HttpServer, versions 0.9.3 and 0.9.4, is exposed to a URISyntaxException that causes the connection to be closed prematurely instead of producing a 400 response.
Affected VMware Products and Versions
Severity is medium unless otherwise noted.
Users of affected versions should upgrade to 0.9.5 (reactor-bom Dysprosium SR-5). No other steps are necessary.
This issue was identified and responsibly reported by Wojciech Kuranowski.
2020-02-27: Initial vulnerability report published.