182 matches found
CVE-2026-41715
A flaw was found in Reactor Netty HTTP client. In specific scenarios, a remote attacker could exploit this vulnerability when the HTTP client is explicitly configured to follow redirects from a secure endpoint to an insecure one. This could lead to the leakage of sensitive credentials. Mitigation...
HTB-Reactor
No d...
ROOT-APP-MAVEN-CVE-2025-22227 CVE-2025-22227 in io.root.io.projectreactor.netty:reactor-netty-http - Patched by Root
Root has patched CVE-2025-22227 in the io.root.io.projectreactor.netty:reactor-netty-http package for Root:Maven. Multiple fixed versions available...
ROOT-APP-MAVEN-CVE-2023-34062 CVE-2023-34062 in io.root.io.projectreactor.netty:reactor-netty-http - Patched by Root
Root has patched CVE-2023-34062 in the io.root.io.projectreactor.netty:reactor-netty-http package for Root:Maven. Multiple fixed versions available...
ROOT-APP-MAVEN-CVE-2023-34054 CVE-2023-34054 in io.root.io.projectreactor.netty:reactor-netty-core - Patched by Root
Root has patched CVE-2023-34054 in the io.root.io.projectreactor.netty:reactor-netty-core package for Root:Maven. Multiple fixed versions available...
CVE-2026-41715
In specific scenarios involving HTTP redirects from a secure to an insecure endpoint, the Reactor Netty HTTP client may leak credentials. In order for this to happen, the HTTP client must have been explicitly configured to follow redirects. Affected versions: Reactor Netty 1.0.0 through 1.0.51;...
CVE-2026-41715 Reactor Netty HTTP Client Leaks Credentials On Protocol Downgrade Redirect
In specific scenarios involving HTTP redirects from a secure to an insecure endpoint, the Reactor Netty HTTP client may leak credentials. In order for this to happen, the HTTP client must have been explicitly configured to follow redirects. Affected versions: Reactor Netty 1.0.0 through 1.0.51;...
CVE-2026-41715 Reactor Netty HTTP Client Leaks Credentials On Protocol Downgrade Redirect
In specific scenarios involving HTTP redirects from a secure to an insecure endpoint, the Reactor Netty HTTP client may leak credentials. In order for this to happen, the HTTP client must have been explicitly configured to follow redirects. Affected versions: Reactor Netty 1.0.0 through 1.0.51;...
EUVD-2026-35322
In specific scenarios involving HTTP redirects from a secure to an insecure endpoint, the Reactor Netty HTTP client may leak credentials. In order for this to happen, the HTTP client must have been explicitly configured to follow redirects. Affected versions: Reactor Netty 1.0.0 through 1.0.51;...
CVE-2026-41715
CVE-2026-41715 affects the Reactor Netty HTTP Client. When redirects are enabled, HTTP redirects from secure to insecure endpoints may leak credentials and expose sensitive data. Affected versions are Reactor Netty 1.0.0–1.0.51; 1.1.0–1.1.35; 1.2.0–1.2.17; 1.3.0–1.3.5. The provided documents do n...
PT-2026-47647
Name of the Vulnerable Software and Affected Versions Reactor Netty versions 1.0.0 through 1.0.51 Reactor Netty versions 1.1.0 through 1.1.35 Reactor Netty versions 1.2.0 through 1.2.17 Reactor Netty versions 1.3.0 through 1.3.5 Description The Reactor Netty HTTP client may leak credentials when...
Spring Reactor Netty 信任管理问题漏洞
VMware Reactor Netty is a product of the US company VMware, which provides non-blocking and backpressure-compliant TCP/HTTP/UDP/QUIC clients and servers based on the Netty framework. Security vulnerabilities exist in versions 1.0.0 to 1.0.51, 1.1.0 to 1.1.35, 1.2.0 to 1.2.17, and 1.3.0 to 1.3.5 o...
Cleartext Transmission of Sensitive Information
Overview Affected versions of this package are vulnerable to Cleartext Transmission of Sensitive Information via HTTP redirect handling in the HTTP client. An attacker can obtain sensitive credentials by causing a client configured to automatically follow redirects to follow a redirect from a...
CVE-2026-42304
A flaw was found in Twisted, specifically within the twisted.names module. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted TCP DNS packet containing deeply chained compression pointers. This can lead to resource exhaustion, causing the...
Important: python-twisted
Issue Overview: The twisted.names module is vulnerable to a Denial of Service DoS attack via resource exhaustion during DNS name decompression. A remote, unauthenticated attacker can exploit this by sending a crafted TCP DNS packet containing deeply chained compression pointers. This flaw bypasse...
SUSE CVE-2026-42304
Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 26.4.0rc2, the twisted.names module is vulnerable to a Denial of Service DoS attack via resource exhaustion during DNS name decompression. A remote, unauthenticated attacker can exploit this by sending...
PYSEC-2026-160
Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 26.4.0rc2, the twisted.names module is vulnerable to a Denial of Service DoS attack via resource exhaustion during DNS name decompression. A remote, unauthenticated attacker can exploit this by sending...
PYSEC-2026-160
Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 26.4.0rc2, the twisted.names module is vulnerable to a Denial of Service DoS attack via resource exhaustion during DNS name decompression. A remote, unauthenticated attacker can exploit this by sending...
CVE-2026-42304
Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 26.4.0rc2, the twisted.names module is vulnerable to a Denial of Service DoS attack via resource exhaustion during DNS name decompression. A remote, unauthenticated attacker can exploit this by sending...
CVE-2026-42304 Twisted: Denial of Service (DoS) in twisted.names via Crafted DNS Compression Pointer Chains
Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 26.4.0rc2, the twisted.names module is vulnerable to a Denial of Service DoS attack via resource exhaustion during DNS name decompression. A remote, unauthenticated attacker can exploit this by sending...