Micrometer
Monthly
Denial-of-service in Micrometer (micrometer-core, micrometer-jetty11, and micrometer-jetty12) allows remote unauthenticated attackers to exhaust resources by sending specially crafted HTTP requests against applications that expose Micrometer-instrumented endpoints. The flaw affects a wide swath of supported 1.9.x through 1.16.x release lines and carries a CVSS 7.5 (availability-only) impact. No public exploit identified at time of analysis and the issue is not listed in CISA KEV.
Denial-of-service in Micrometer (Spring observability library) versions 1.15.0-1.15.11 and 1.16.0-1.16.5 allows remote unauthenticated attackers to exhaust resources via specially crafted gRPC requests. With CVSS 7.5 (AV:N/AC:L/PR:N/UI:N) reflecting availability-only impact, the issue is reachable over the network without credentials, though no public exploit identified at time of analysis. Applications embedding Micrometer's gRPC instrumentation are most exposed.
Denial-of-service in Micrometer (micrometer-core, micrometer-jetty11, and micrometer-jetty12) allows remote unauthenticated attackers to exhaust resources by sending specially crafted HTTP requests against applications that expose Micrometer-instrumented endpoints. The flaw affects a wide swath of supported 1.9.x through 1.16.x release lines and carries a CVSS 7.5 (availability-only) impact. No public exploit identified at time of analysis and the issue is not listed in CISA KEV.
Denial-of-service in Micrometer (Spring observability library) versions 1.15.0-1.15.11 and 1.16.0-1.16.5 allows remote unauthenticated attackers to exhaust resources via specially crafted gRPC requests. With CVSS 7.5 (AV:N/AC:L/PR:N/UI:N) reflecting availability-only impact, the issue is reachable over the network without credentials, though no public exploit identified at time of analysis. Applications embedding Micrometer's gRPC instrumentation are most exposed.