Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/io.micronaut/micronaut-http@1.1.0.RC1

Type maven

Namespace io.micronaut

Name micronaut-http

Version 1.1.0.RC1

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 3.2.7

Latest_non_vulnerable_version 3.2.7

Affected_by_vulnerabilities

url VCID-xwb3-ctrw-9bd3

vulnerability_id VCID-xwb3-ctrw-9bd3

summary Micronaut is a JVM-based, full stack Java framework designed for building JVM web applications with support for Java, Kotlin and the Groovy language. In affected versions sending an invalid Content Type header leads to memory leak in DefaultArgumentConversionContext as this type is erroneously used in static state. ### Impact Sending an invalid Content Type header leads to memory leak in `DefaultArgumentConversionContext` as this type is erroneously used in static state. ### Patches The problem is patched in Micronaut 3.2.7 and above. ### Workarounds The default content type binder can be replaced in an existing Micronaut application to mitigate the issue: ```java package example; import java.util.List; import io.micronaut.context.annotation.Replaces; import io.micronaut.core.convert.ConversionService; import io.micronaut.http.MediaType; import io.micronaut.http.bind.DefaultRequestBinderRegistry; import io.micronaut.http.bind.binders.RequestArgumentBinder; import jakarta.inject.Singleton; @Singleton @Replaces(DefaultRequestBinderRegistry.class) class FixedRequestBinderRegistry extends DefaultRequestBinderRegistry { public FixedRequestBinderRegistry(ConversionService conversionService, List<RequestArgumentBinder> binders) { super(conversionService, binders); } @Override protected void registerDefaultConverters(ConversionService<?> conversionService) { super.registerDefaultConverters(conversionService); conversionService.addConverter(CharSequence.class, MediaType.class, charSequence -> { try { return MediaType.of(charSequence); } catch (IllegalArgumentException e) { return null; } }); } } ``` ### References Commit that introduced the vulnerability https://github.com/micronaut-projects/micronaut-core/commit/b8ec32c311689667c69ae7d9f9c3b3a8abc96fe3 ### For more information If you have any questions or comments about this advisory: * Open an issue in [Micronaut Core](https://github.com/micronaut-projects/micronaut-core/issues) * Email us at [info@micronaut.io](mailto:info@micronaut.io)

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-21700

reference_id

reference_type

scores

value	0.00322
scoring_system	epss
scoring_elements	0.5571
published_at	2026-06-12T12:55:00Z

value	0.00322
scoring_system	epss
scoring_elements	0.5559
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-21700

reference_url

https://github.com/micronaut-projects/micronaut-core

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/micronaut-projects/micronaut-core

reference_url

https://github.com/micronaut-projects/micronaut-core/commit/b8ec32c311689667c69ae7d9f9c3b3a8abc96fe3

reference_id

b8ec32c311689667c69ae7d9f9c3b3a8abc96fe3

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:58:04Z/

url

https://github.com/micronaut-projects/micronaut-core/commit/b8ec32c311689667c69ae7d9f9c3b3a8abc96fe3

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-21700

reference_id

CVE-2022-21700

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-21700

reference_url

https://github.com/advisories/GHSA-2457-2263-mm9f

reference_id

GHSA-2457-2263-mm9f

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-2457-2263-mm9f

reference_url

https://github.com/micronaut-projects/micronaut-core/security/advisories/GHSA-2457-2263-mm9f

reference_id

GHSA-2457-2263-mm9f

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:58:04Z/

url

https://github.com/micronaut-projects/micronaut-core/security/advisories/GHSA-2457-2263-mm9f

fixed_packages

url	pkg:maven/io.micronaut/micronaut-http@3.2.7
purl	pkg:maven/io.micronaut/micronaut-http@3.2.7
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/io.micronaut/micronaut-http@3.2.7

aliases CVE-2022-21700, GHSA-2457-2263-mm9f

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xwb3-ctrw-9bd3

Fixing_vulnerabilities

Risk_score 3.1

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.micronaut/micronaut-http@1.1.0.RC1

Package Instance