[ 
https://issues.apache.org/jira/browse/GEODE-10592?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Jinwoo Hwang updated GEODE-10592:
---------------------------------
    Description: Affected versions of this package are vulnerable to Allocation 
of Resources Without Limits or Throttling via HTTP server metrics 
instrumentation in Micrometer. An attacker can cause denial of service by 
sending specially crafted HTTP requests that trigger excessive resource 
consumption during metrics collection and processing. Repeated requests can 
degrade application performance and potentially render the service unavailable. 
 (was: Affected versions of this package are vulnerable to LDAP Injection in 
the `DefaultLdapRealm` class. An attacker can bypass authentication or 
impersonate other users by injecting LDAP special characters into the 
Distinguished Name (DN) construction during LDAP bind authentication.)

> Remediation of CVE-2026-40984
> -----------------------------
>
>                 Key: GEODE-10592
>                 URL: https://issues.apache.org/jira/browse/GEODE-10592
>             Project: Geode
>          Issue Type: Improvement
>            Reporter: Jinwoo Hwang
>            Assignee: Jinwoo Hwang
>            Priority: Major
>
> Affected versions of this package are vulnerable to Allocation of Resources 
> Without Limits or Throttling via HTTP server metrics instrumentation in 
> Micrometer. An attacker can cause denial of service by sending specially 
> crafted HTTP requests that trigger excessive resource consumption during 
> metrics collection and processing. Repeated requests can degrade application 
> performance and potentially render the service unavailable.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to