React CVE-2025-14969
MEDIUM
GHSA-frpp-8pwq-hjrx
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Lifecycle Timeline
3DescriptionNVD
A flaw was found in Hibernate Reactive. When an HTTP endpoint is exposed to perform database operations, a remote client can prematurely close the HTTP connection. This action may lead to leaking connections from the database connection pool, potentially causing a Denial of Service (DoS) by exhausting available database connections.
AnalysisAI
A flaw was found in Hibernate Reactive. When an HTTP endpoint is exposed to perform database operations, a remote client can prematurely close the HTTP connection. [CVSS 4.3 MEDIUM]
Technical ContextAI
This vulnerability (CWE-772: Missing Release of Resource after Effective Lifetime) was found in Hibernate Reactive. When an HTTP endpoint is exposed to perform database operations, a remote client can prematurely close the HTTP connection. This action may lead to leaking connections from the database connection pool, potentially causing a Denial of Service (DoS) by exhausting available database connections.
Affected ProductsAI
A flaw was found in Hibernate Reactive. When an HTTP endpoint is exposed to perform database operations, a remote client can prematurely close the HTTP connection. This action may lead to leaking conn
RemediationAI
Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.
More from same product – last 7 days
Command injection in the shell-quote npm package allows attackers who can influence object-token inputs to inject arbitr
Heap buffer overflow in NGINX Plus and NGINX Open Source ngx_http_rewrite_module allows unauthenticated remote attackers
Vendor StatusVendor
Share
External POC / Exploit Code
Leaving vuln.today