From 75641a2ef31f266b75da9e3640d8ef12da222c76 Mon Sep 17 00:00:00 2001
From: julianladisch <533612+julianladisch@users.noreply.github.com>
Date: Tue, 23 Jun 2026 11:22:33 +0200
Subject: [PATCH] Improve GHSA-w737-wx49-qj23
---
 .../GHSA-w737-wx49-qj23.json | 46 +++++++++++++++++--
 1 file changed, 43 insertions(+), 3 deletions(-)
diff --git a/advisories/unreviewed/2026/06/GHSA-w737-wx49-qj23/GHSA-w737-wx49-qj23.json b/advisories/unreviewed/2026/06/GHSA-w737-wx49-qj23/GHSA-w737-wx49-qj23.json
index 68385dd1be0f4..baea4add806b1 100644
--- a/advisories/unreviewed/2026/06/GHSA-w737-wx49-qj23/GHSA-w737-wx49-qj23.json
+++ b/advisories/unreviewed/2026/06/GHSA-w737-wx49-qj23/GHSA-w737-wx49-qj23.json
@@ -1,19 +1,59 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-w737-wx49-qj23",
- "modified": "2026-06-09T06:31:56Z",
+ "modified": "2026-06-09T06:31:57Z",
 "published": "2026-06-09T06:31:56Z",
 "aliases": [
 "CVE-2026-40983"
 ],
- "details": "In Micrometer, it is possible for a user to provide specially crafted gRPC requests that may cause a denial-of-service (DoS) condition.\n\nAffected versions:\nMicrometer 1.16.0 through 1.16.5; 1.15.0 through 1.15.11.",
+ "summary": "Micrometer gRPC server instrumentation DoS",
+ "details": "In Micrometer, it is possible for a user to provide specially crafted gRPC requests that may cause a denial-of-service (DoS) condition.",
 "severity": [
 {
 "type": "CVSS_V3",
 "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
 }
 ],
- "affected": [],
+ "affected": [
+ {
+ "package": {
+ "ecosystem": "Maven",
+ "name": "io.micrometer:micrometer-core"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "1.16.0"
+ },
+ {
+ "fixed": "1.16.5.1"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "package": {
+ "ecosystem": "Maven",
+ "name": "io.micrometer:micrometer-core"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "1.15.0"
+ },
+ {
+ "fixed": "1.15.11.1"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "type": "ADVISORY",
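Review bot: The `fixed` events `1.16.5.1` and `1.15.11.1` in the two new `affected` ranges are not backed by anything else in the hunk; the sentence removed from `details` only gave the affected spans as 1.16.0 through 1.16.5 and 1.15.0 through 1.15.11. If those four-part versions are not published releases of `io.micrometer:micrometer-core`, scanners reading this record will report an upgrade target that does not exist. Either put the actual patched release in `fixed`, or keep the original bound with `"last_affected": "1.16.5"` and `"last_affected": "1.15.11"`. It is also worth confirming against the vendor advisory that the gRPC instrumentation named in the new `summary` ships in `micrometer-core`, since the package name decides which dependency trees get flagged.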