io.micrometer:micrometer-core 1.16.2

Direct Vulnerabilities

Known vulnerabilities in the io.micrometer:micrometer-core package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
H Allocation of Resources Without Limits or Throttling Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the gRPC server instrumentation. An attacker can cause service disruption by sending specially crafted gRPC requests. Note: This issue is exploitable if an `ObservationRegistry` is configured in the application and it records observations; `DefaultMeterObservationHandler` is configured to output metrics from Observations or the user has a custom `ObservationHandler` that outputs metrics similarly to `DefaultMeterObservationHandler`; the application uses `ObservationGrpcServerInterceptor` to instrument its gRPC server. How to fix Allocation of Resources Without Limits or Throttling? Upgrade `io.micrometer:micrometer-core` to version 1.15.12, 1.16.6 or higher.	[1.15.0-M2,1.15.12)[1.16.0-M1,1.16.6)
H Allocation of Resources Without Limits or Throttling Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via HTTP server metrics instrumentation in Micrometer. An attacker can cause denial of service by sending specially crafted HTTP requests that trigger excessive resource consumption during metrics collection and processing. Repeated requests can degrade application performance and potentially render the service unavailable. Note: This is only exploitable if the application has one or more HTTP server instrumentations enabled with metrics collection configured. How to fix Allocation of Resources Without Limits or Throttling? Upgrade `io.micrometer:micrometer-core` to version 1.10.0, 1.15.12, 1.16.6 or higher.	[1.9.0,1.10.0)[1.13.0,1.15.12)[1.16.0-M1,1.16.6)

Vulnerability

Vulnerable Version

Allocation of Resources Without Limits or Throttling

Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the gRPC server instrumentation. An attacker can cause service disruption by sending specially crafted gRPC requests.

Note:

This issue is exploitable if an ObservationRegistry is configured in the application and it records observations; DefaultMeterObservationHandler is configured to output metrics from Observations or the user has a custom ObservationHandler that outputs metrics similarly to DefaultMeterObservationHandler; the application uses ObservationGrpcServerInterceptor to instrument its gRPC server.

How to fix Allocation of Resources Without Limits or Throttling?

Upgrade io.micrometer:micrometer-core to version 1.15.12, 1.16.6 or higher.

[1.15.0-M2,1.15.12)[1.16.0-M1,1.16.6)

Allocation of Resources Without Limits or Throttling

Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via HTTP server metrics instrumentation in Micrometer. An attacker can cause denial of service by sending specially crafted HTTP requests that trigger excessive resource consumption during metrics collection and processing. Repeated requests can degrade application performance and potentially render the service unavailable.

Note: This is only exploitable if the application has one or more HTTP server instrumentations enabled with metrics collection configured.

How to fix Allocation of Resources Without Limits or Throttling?

Upgrade io.micrometer:micrometer-core to version 1.10.0, 1.15.12, 1.16.6 or higher.

[1.9.0,1.10.0)[1.13.0,1.15.12)[1.16.0-M1,1.16.6)

io.micrometer:micrometer-core@1.16.2

latest version

latest non vulnerable version

first published

latest version published

licenses detected

package registry

Direct Vulnerabilities

Fix vulnerabilities automatically