VYPR
Moderate severityNVD Advisory· Published Mar 3, 2020· Updated Sep 17, 2024

Authentication Leak On Redirect With Reactor Netty HttpClient

CVE-2020-5404

Description

The HttpClient from Reactor Netty, versions 0.9.x prior to 0.9.5, and versions 0.8.x prior to 0.8.16, may be used incorrectly, leading to a credentials leak during a redirect to a different domain. In order for this to happen, the HttpClient must have been explicitly configured to follow redirects.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
io.projectreactor.netty:reactor-netty-httpMaven
>= 0.9.0, < 0.9.50.9.5
io.projectreactor.netty:reactor-netty-httpMaven
>= 0.8.0, < 0.8.160.8.16

Affected products

2

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.