Skip to content

[GEODE-10592] Remediation of CVE-2026-40984#8018

Open
JinwooHwang wants to merge 3 commits into
apache:developfrom
JinwooHwang:feature/GEODE-10592
Open

[GEODE-10592] Remediation of CVE-2026-40984#8018
JinwooHwang wants to merge 3 commits into
apache:developfrom
JinwooHwang:feature/GEODE-10592

Conversation

@JinwooHwang

Copy link
Copy Markdown
Contributor

Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via HTTP server metrics instrumentation in Micrometer. An attacker can cause denial of service by sending specially crafted HTTP requests that trigger excessive resource consumption during metrics collection and processing. Repeated requests can degrade application performance and potentially render the service unavailable.

For all changes, please confirm:

  • Is there a JIRA ticket associated with this PR? Is it referenced in the commit message?
  • Has your PR been rebased against the latest commit within the target branch (typically develop)?
  • Is your initial contribution a single, squashed commit?
  • Does gradlew build run cleanly?
  • Have you written or updated unit tests to verify your changes?
  • If adding new dependencies to the code, are these dependencies licensed in a way that is compatible for inclusion under ASF 2.0?

@JinwooHwang JinwooHwang requested a review from marinov-code July 13, 2026 14:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants