Description
In Micrometer, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition.
Affected versions:
micrometer-core: 1.16.0 through 1.16.5; 1.15.0 through 1.15.11; 1.14.0 through 1.14.15; 1.13.0 through 1.13.18; 1.9.0 through 1.9.17.
micrometer-jetty11: 1.16.0 through 1.16.5; 1.15.0 through 1.15.11; 1.14.0 through 1.14.15; 1.13.0 through 1.13.18.
micrometer-jetty12: 1.16.0 through 1.16.5; 1.15.0 through 1.15.11; 1.14.0 through 1.14.15; 1.13.0 through 1.13.18.
Problem types
CWE-400: Uncontrolled Resource Consumption
Product status
micrometer-core:
1.16.0 (custom) before 1.16.6
1.15.0 (custom) before 1.15.12
1.14.0 (custom) before 1.14.16
1.13.0 (custom) before 1.13.19
1.9.0 (custom) before 1.9.18
micrometer-jetty11:
1.16.0 (custom) before 1.16.6
1.15.0 (custom) before 1.15.12
1.14.0 (custom) before 1.14.16
1.13.0 (custom) before 1.13.19
micrometer-jetty12:
1.16.0 (custom) before 1.16.6
1.15.0 (custom) before 1.15.12
1.14.0 (custom) before 1.14.16
1.13.0 (custom) before 1.13.19
References
spring.io/security/cve-2026-40984