High severity · NVD Advisory · Published Oct 17, 2019 · Updated Sep 16, 2024
Reactor Netty authentication leak in redirects
CVE-2019-11284
Description
Pivotal Reactor Netty, versions prior to 0.8.11, passes headers through redirects, including authorization ones. A remote unauthenticated malicious user may gain access to credentials for a different server than they have access to.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| io.projectreactor.netty:reactor-netty (Maven) | < 0.8.11 | 0.8.11 |
Affected products
- Pivotal/Reactor Netty · v5 · Range: prior to v0.8.11.RELEASE
References
- github.com/advisories/GHSA-j52r-xc68-q8f4 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2019-11284 (ghsa, ADVISORY)
- pivotal.io/security/cve-2019-11284 (ghsa, x_refsource_CONFIRM, WEB)