[
https://issues.apache.org/jira/browse/GEODE-10592?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jinwoo Hwang updated GEODE-10592:
---------------------------------
Description: Affected versions of this package are vulnerable to Allocation
of Resources Without Limits or Throttling via HTTP server metrics
instrumentation in Micrometer. An attacker can cause denial of service by
sending specially crafted HTTP requests that trigger excessive resource
consumption during metrics collection and processing. Repeated requests can
degrade application performance and potentially render the service unavailable.
(was: Affected versions of this package are vulnerable to LDAP Injection in
the `DefaultLdapRealm` class. An attacker can bypass authentication or
impersonate other users by injecting LDAP special characters into the
Distinguished Name (DN) construction during LDAP bind authentication.)
> Remediation of CVE-2026-40984
> -----------------------------
>
> Key: GEODE-10592
> URL: https://issues.apache.org/jira/browse/GEODE-10592
> Project: Geode
> Issue Type: Improvement
> Reporter: Jinwoo Hwang
> Assignee: Jinwoo Hwang
> Priority: Major
>
> Affected versions of this package are vulnerable to Allocation of Resources
> Without Limits or Throttling via HTTP server metrics instrumentation in
> Micrometer. An attacker can cause denial of service by sending specially
> crafted HTTP requests that trigger excessive resource consumption during
> metrics collection and processing. Repeated requests can degrade application
> performance and potentially render the service unavailable.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)