Lucene search
+L

107 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2023-3062

Malicious code in bioql PyPI...

7.5CVSS7.5AI score0.01124EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.28 views

EUVD-2022-1052

Malicious code in bioql PyPI...

7.5CVSS6.7AI score0.01118EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/30 9:12 p.m.11 views

Security Bulletin: Vulnerabilities in Spring Cloud Gateway Server, Bouncy Castle, Reactor Netty HTTP Server, NPM and Apache Commons might affect IBM Storage Defender Copy Data Management

Summary IBM Storage Defender Copy Data Management can be affected by vulnerabilities in Spring Cloud Gateway Server, Bouncy Castle, Reactor Netty HTTP Server, NPM and Apache Commons. Vulnerabilities include forwarded headers from untrusted proxies, opening up a possibility of DNS poisoning,...

8.8CVSS7.7AI score0.01548EPSS
Exploits3Affected Software1
vulnersOsv
vulnersOsv
added 2025/07/16 12:30 p.m.6 views

io.github.mullerhai:storch-mcp_3 (=0.1.0), io.projectreactor.netty:reactor-netty (>=1.3.0-M1 <=1.3.0-M4) +1 more potentially affected by CVE-2025-22227 via io.projectreactor.netty:reactor-netty-http (>=1.3.0-M1 <=1.3.0-M4)

io.projectreactor.netty:reactor-netty-http MAVEN version =1.3.0-M1, =1.3.0-M1, =1.3.0-M1, =1.3.0-M4 Source cves: CVE-2025-22227 Source advisory: OSV:GHSA-4Q2V-9P7V-3V22...

6.1CVSS6.4AI score0.0034EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2025/07/16 12:30 p.m.9 views

africa.absa:inception-application (>=1.0.0 <=1.2.0), ai.ancf.lmos-router:benchmarks (>=0.2.0 <=0.28.0) +5879 more potentially affected by CVE-2025-22227 via io.projectreactor.netty:reactor-netty-http (>=1.0.0 <=1.2.7)

io.projectreactor.netty:reactor-netty-http MAVEN version =1.0.0, =1.0.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.1.1, =0.1.1, =0.1.1, =0.0.4, =0.6.0 - ai.ancf.lmos:lmos-router-hybrid =0.1.0 - ai.ancf.lmos:lmos-router-hybrid-spring-boot-starter =0.1.0 - ai.ancf.lmos:lmos-router-llm =0.1...

6.1CVSS6.3AI score0.0034EPSS
Exploits0
OSV
OSV
added 2025/07/16 12:30 p.m.5 views

GHSA-4Q2V-9P7V-3V22 Reactor Netty HTTP is vulnerable to credential leaks during chained redirects

In some specific scenarios with chained redirects, Reactor Netty HTTP client leaks credentials. In order for this to happen, the HTTP client must have been explicitly configured to follow redirects...

6.1CVSS6.8AI score0.0034EPSS
Exploits0References4
NVD
NVD
added 2025/07/16 10:15 a.m.21 views

CVE-2025-22227

In some specific scenarios with chained redirects, Reactor Netty HTTP client leaks credentials. In order for this to happen, the HTTP client must have been explicitly configured to follow redirects...

6.1CVSS0.0034EPSS
Exploits0References1
CVE
CVE
added 2025/07/16 9:31 a.m.133 views

CVE-2025-22227

CVE-2025-22227 is described in the initial document as a vulnerability where, in specific scenarios with chained redirects, the Reactor Netty HTTP client leaks credentials if the HTTP client is explicitly configured to follow redirects. The connected IBM bulletins list CVE-2025-22227 among a larg...

6.1CVSS6.7AI score0.0034EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/07/16 9:31 a.m.40 views

CVE-2025-22227 CVE-2025-22227: Authentication Leak On Redirect With Reactor Netty HTTP Client

In some specific scenarios with chained redirects, Reactor Netty HTTP client leaks credentials. In order for this to happen, the HTTP client must have been explicitly configured to follow redirects...

6.1CVSS0.0034EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/07/16 12:0 a.m.15 views

PT-2025-29713

Name of the Vulnerable Software and Affected Versions Reactor Netty HTTP client affected versions not specified Description In specific scenarios involving chained redirects, the Reactor Netty HTTP client is susceptible to credential leakage. This issue occurs when the HTTP client is explicitly...

6.1CVSS6.5AI score0.0034EPSS
Exploits0References8
CNNVD
CNNVD
added 2025/07/16 12:0 a.m.7 views

Reactor Netty 安全漏洞

Reactor Netty is a non-blocking and backpressure-ready TCP/HTTP/UDP/QUIC client and server based on the Netty framework. A security vulnerability exists in Reactor Netty that stems from the Reactor Netty HTTP client disclosing credentials in certain specific scenarios of chained redirection...

6.1CVSS6.2AI score0.0034EPSS
Exploits0References1
Spring Security Advisories
Spring Security Advisories
added 2025/07/15 12:0 a.m.9 views

Authentication Leak On Redirect With Reactor Netty HTTP Client

In some specific scenarios with chained redirects, Reactor Netty HTTP client leaks credentials. In order for this to happen, the HTTP client must have been explicitly configured to follow redirects...

6.1CVSS6.4AI score0.0034EPSS
Exploits0References1Affected Software1
Snyk
Snyk
added 2025/07/15 12:0 a.m.5 views

Exposure of Sensitive System Information to an Unauthorized Control Sphere

Overview Affected versions of this package are vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere via handling of chained redirects. An attacker can cause the Reactor Netty HTTP client to leak credentials such as session cookies by intercepting initial HTTP/1...

6.1CVSS6.9AI score0.0034EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2025/07/15 12:0 a.m.7 views

io.github.mullerhai:storch-mcp_3 (=0.1.0), io.projectreactor.netty:reactor-netty (>=1.3.0-M1 <=1.3.0-M4) +1 more potentially affected by CVE-2025-22227 via io.projectreactor.netty:reactor-netty-http (>=1.3.0-M1 <=1.3.0-M4)

io.projectreactor.netty:reactor-netty-http MAVEN version =1.3.0-M1, =1.3.0-M1, =1.3.0-M1, =1.3.0-M4 Source cves: CVE-2025-22227 Source advisory: SNYK:JAVA-IOPROJECTREACTORNETTY-10770514...

6.1CVSS6.4AI score0.0034EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2025/07/15 12:0 a.m.8 views

africa.absa:inception-application (>=1.0.0 <=1.2.0), ai.ancf.lmos-router:benchmarks (>=0.2.0 <=0.28.0) +5879 more potentially affected by CVE-2025-22227 via io.projectreactor.netty:reactor-netty-http (>=1.0.0 <=1.2.7)

io.projectreactor.netty:reactor-netty-http MAVEN version =1.0.0, =1.0.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.1.1, =0.1.1, =0.1.1, =0.0.4, =0.6.0 - ai.ancf.lmos:lmos-router-hybrid =0.1.0 - ai.ancf.lmos:lmos-router-hybrid-spring-boot-starter =0.1.0 - ai.ancf.lmos:lmos-router-llm =0.1...

6.1CVSS6.3AI score0.0034EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 5:22 a.m.6 views

CVE-2023-34054

In Reactor Netty HTTP Server, versions 1.1.x prior to 1.1.13 and versions 1.0.x prior to 1.0.39, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service DoS condition. Specifically, an application is vulnerable if Reactor Netty HTTP Server built-in...

7.5CVSS6.7AI score0.00906EPSS
Exploits0References1
Spring Security Advisories
Spring Security Advisories
added 2024/11/26 12:0 a.m.13 views

HTTP/3 support in Reactor 2024.0 Release Train

HTTP/3, the latest major version of the Hypertext Transfer Protocol, had its specification finalized in June 2022. This version is designed to enhance performance, reliability, and security. Unlike its predecessors, HTTP/3 utilizes QUIC instead of TCP as its transport layer. QUIC is a UDP-based,...

6.8AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2024/01/11 12:0 a.m.7 views

The vulnerability of the Reactor Netty HTTP server arises from incorrect path name restrictions for restricted access directories, allowing attackers to disclose protected information.

The vulnerability of the Reactor Netty HTTP server is related to an incorrect limitation on the path name to the restricted directory. Exploiting this vulnerability can allow a remote attacker to disclose sensitive information that is protected by this system...

7.8CVSS7.1AI score0.01124EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/01/11 12:0 a.m.9 views

The vulnerability of the Reactor Netty HTTP server, related to uncontrolled resource consumption, allows attackers to cause service failures.

The vulnerability of the Reactor Netty HTTP server is related to an uncontrolled resource consumption. Exploiting this vulnerability allows a malicious actor to cause service failures through specially crafted HTTP requests...

5.3CVSS7.2AI score0.00906EPSS
Exploits0References2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/12/15 3:27 p.m.29 views

Security Bulletin: Vulnerability in Reactor Netty affects IBM Process Mining CVE-2023-34062

Summary There is a vulnerability in Reactor Netty that could allow a remote attacker to traverse directories on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2023-34062...

7.5CVSS7.7AI score0.01124EPSS
Exploits0Affected Software1
Rows per page
Query Builder