VYPR
Moderate severityNVD Advisory· Published Oct 19, 2022· Updated May 9, 2025

CVE-2022-31684

CVE-2022-31684

Description

Reactor Netty HTTP Server, in versions 1.0.11 - 1.0.23, may log request headers in some cases of invalid HTTP requests. The logged headers may reveal valid access tokens to those with access to server logs. This may affect only invalid HTTP requests where logging at WARN level is enabled.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
io.projectreactor.netty:reactor-netty-httpMaven
>= 1.0.11, < 1.0.241.0.24

Affected products

2

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.