Moderate severityNVD Advisory· Published Oct 19, 2022· Updated May 9, 2025
CVE-2022-31684
CVE-2022-31684
Description
Reactor Netty HTTP Server, in versions 1.0.11 - 1.0.23, may log request headers in some cases of invalid HTTP requests. The logged headers may reveal valid access tokens to those with access to server logs. This may affect only invalid HTTP requests where logging at WARN level is enabled.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
io.projectreactor.netty:reactor-netty-httpMaven | >= 1.0.11, < 1.0.24 | 1.0.24 |
Affected products
2- Reactor Netty/Reactor Netty HTTP Serverdescription
Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.