Steeltoe Discovery Eureka
Monthly
Denial of service in Steeltoe.Discovery.Eureka client (.NET) versions prior to 4.2.0 and 3.4.0 allows a remote Eureka registry containing service registrations with DataCenterInfo.name="Netflix" to permanently break the local service discovery cache. The client's DataCenterInfo.FromJson rejects any value other than "MyOwn" or "Amazon" with an ArgumentException that is silently swallowed by the periodic cache refresh task, leaving downstream .NET services unable to discover peers. No public exploit identified at time of analysis, but the trigger is trivially reachable in mixed Java/Spring-Cloud and Steeltoe environments.
Denial of service in Steeltoe.Discovery.Eureka client (.NET) versions prior to 4.2.0 and 3.4.0 allows a remote Eureka registry containing service registrations with DataCenterInfo.name="Netflix" to permanently break the local service discovery cache. The client's DataCenterInfo.FromJson rejects any value other than "MyOwn" or "Amazon" with an ArgumentException that is silently swallowed by the periodic cache refresh task, leaving downstream .NET services unable to discover peers. No public exploit identified at time of analysis, but the trigger is trivially reachable in mixed Java/Spring-Cloud and Steeltoe environments.