Moderate severityNVD Advisory· Published Mar 3, 2020· Updated Sep 17, 2024
Authentication Leak On Redirect With Reactor Netty HttpClient
CVE-2020-5404
Description
The HttpClient from Reactor Netty, versions 0.9.x prior to 0.9.5, and versions 0.8.x prior to 0.8.16, may be used incorrectly, leading to a credentials leak during a redirect to a different domain. In order for this to happen, the HttpClient must have been explicitly configured to follow redirects.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
io.projectreactor.netty:reactor-netty-httpMaven | >= 0.9.0, < 0.9.5 | 0.9.5 |
io.projectreactor.netty:reactor-netty-httpMaven | >= 0.8.0, < 0.8.16 | 0.8.16 |
Affected products
2- Pivotal/Reactor Nettyv5Range: 0.8
Patches
Vulnerability mechanics
References
3- github.com/advisories/GHSA-gpch-h32j-gx6xghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2020-5404ghsaADVISORY
- pivotal.io/security/cve-2020-5404ghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.