PT-2024-19989 · Unknown · Micronaut Framework

Mattmoss · Published 2024-02-08 · Updated 2024-02-16 · CVE-2024-23639

CVSS v3.1: 5.1 (Medium)
Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Name of the Vulnerable Software and Affected Versions: Micronaut Framework versions prior to 3.8.3

Description: The issue concerns enabled but unsecured management endpoints in the Micronaut Framework, which are susceptible to drive-by localhost attacks. A malicious or compromised website can make HTTP requests to localhost, and if these endpoints are not secured, they can be triggered. This is particularly problematic in development environments, where such endpoints may be enabled without security measures for ease of development. Production environments typically have unused endpoints disabled and needed endpoints secured.

Recommendations: For Micronaut Framework versions prior to 3.8.3, upgrade to version 3.8.3 to address the issue. As a temporary workaround, consider disabling unsecured management endpoints or restricting access to them until the upgrade can be applied.
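The workaround above amounts to checking that every enabled management endpoint is either disabled or marked sensitive. The following audit function is an added example (not code from the advisory or from the Micronaut project): it walks a parsed application configuration and reports endpoints that are enabled without an explicit `sensitive: true`. It assumes only the documented keys `endpoints.all.enabled`, `endpoints.all.sensitive`, `endpoints.<name>.enabled` and `endpoints.<name>.sensitive`; it deliberately does not assume Micronaut's per-endpoint defaults, so an endpoint whose state is not set anywhere is reported for manual verification rather than guessed. The configuration dictionary is constructed sample data standing in for a parsed application.yml.

```python
from typing import Dict, List, Tuple

# Constructed sample: what a dev-style application.yml might look like once parsed.
SAMPLE_CONFIG = {
    "endpoints": {
        "all": {"enabled": True, "sensitive": False},   # blanket dev setting
        "health": {"sensitive": False},                  # explicitly unauthenticated
        "loggers": {"enabled": True, "sensitive": True}, # secured
        "env": {"enabled": True},                        # inherits sensitive=false from 'all'
        "stop": {"enabled": False},                      # disabled, not reachable
    }
}

UNAUTH = "enabled but sensitive=false: reachable without authentication"
UNSET = "enabled but sensitivity unset: verify the endpoint's default"
BLANKET = "endpoints.all.sensitive=false: every endpoint not overridden is unauthenticated"
ENABLED_UNSET = "enabled state not set: verify the endpoint's default"


def _is_true(value) -> bool:
    # Configuration values may be booleans or the strings "true"/"false".
    return value is True or (isinstance(value, str) and value.lower() == "true")


def audit_endpoints(config: Dict) -> List[Tuple[str, str]]:
    """Return (endpoint, reason) pairs for management endpoints that are not
    clearly secured. Per-endpoint keys override endpoints.all (assumption
    matching the documented key layout); nothing else is inferred."""
    endpoints = config.get("endpoints") or {}
    defaults = endpoints.get("all") or {}
    findings: List[Tuple[str, str]] = []
    # A blanket sensitive=false affects built-in endpoints that are not listed.
    if "sensitive" in defaults and not _is_true(defaults["sensitive"]):
        findings.append(("all", BLANKET))
    for name, settings in endpoints.items():
        if name == "all":
            continue
        settings = settings or {}
        enabled = settings.get("enabled", defaults.get("enabled"))
        sensitive = settings.get("sensitive", defaults.get("sensitive"))
        if enabled is None:
            findings.append((name, ENABLED_UNSET))
        elif not _is_true(enabled):
            continue  # disabled endpoints are not exposed at all
        elif sensitive is None:
            findings.append((name, UNSET))
        elif not _is_true(sensitive):
            findings.append((name, UNAUTH))
    return findings
```

Run against the sample it flags the blanket setting plus `health` and `env`, while `loggers` (sensitive) and `stop` (disabled) pass.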

Related Identifiers

CVE-2024-23639
GHSA-583G-G682-CRXF

Affected Products

Micronaut Framework