Allocation of Resources Without Limits or Throttling Affecting org.jboss.xnio:xnio-api package, versions [,3.8.8)
Snyk CVSS
Attack Complexity
Low
Threat Intelligence
EPSS
0.16% (53rd
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-JAVA-ORGJBOSSXNIO-2994360
- published 28 Aug 2022
- disclosed 28 Aug 2022
- credit Unknown
Introduced: 28 Aug 2022
CVE-2022-0084 Open this link in a new tabHow to fix?
Upgrade org.jboss.xnio:xnio-api
to version 3.8.8 or higher.
Overview
org.jboss.xnio:xnio-api is a simplified low-level I/O layer which can be used anywhere you are using NIO.
Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the notifyReadClosed
method by allowing an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk fill-up.