Lucene search
K

107 matches found

Github Security Blog
Github Security Blog
added 2022/02/10 8:24 p.m.37 views

Improper Handling of Exceptional Conditions and Improper Input Validation in Reactor Netty

Reactor Netty HttpServer, versions 0.9.3 and 0.9.4, is exposed to a URISyntaxException that causes the connection to be closed prematurely instead of producing a 400 response...

7.5CVSS7.2AI score0.01118EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2022/02/10 8:24 p.m.20 views

GHSA-GPCH-H32J-GX6X Insufficiently Protected Credentials in Reactor Netty

The HttpClient from Reactor Netty, versions 0.9.x prior to 0.9.5, and versions 0.8.x prior to 0.8.16, may be used incorrectly, leading to a credentials leak during a redirect to a different domain. In order for this to happen, the HttpClient must have been explicitly configured to follow redirect...

5.9CVSS5.9AI score0.00653EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2022/02/10 8:24 p.m.40 views

Insufficiently Protected Credentials in Reactor Netty

The HttpClient from Reactor Netty, versions 0.9.x prior to 0.9.5, and versions 0.8.x prior to 0.8.16, may be used incorrectly, leading to a credentials leak during a redirect to a different domain. In order for this to happen, the HttpClient must have been explicitly configured to follow redirect...

6.5CVSS6AI score0.00653EPSS
Exploits0References3Affected Software1
RedhatCVE
RedhatCVE
added 2021/06/23 8:25 a.m.67 views

CVE-2020-5404

The HttpClient from Reactor Netty, versions 0.9.x prior to 0.9.5, and versions 0.8.x prior to 0.8.16, may be used incorrectly, leading to a credentials leak during a redirect to a different domain. In order for this to happen, the HttpClient must have been explicitly configured to follow redirect...

6.5CVSS1.8AI score0.00653EPSS
Exploits0References3
OSV
OSV
added 2020/03/03 7:15 p.m.28 views

CVE-2020-5403

Reactor Netty HttpServer, versions 0.9.3 and 0.9.4, is exposed to a URISyntaxException that causes the connection to be closed prematurely instead of producing a 400 response...

7.5CVSS6.7AI score0.01118EPSS
Exploits0References1
NVD
NVD
added 2020/03/03 7:15 p.m.11 views

CVE-2020-5403

Reactor Netty HttpServer, versions 0.9.3 and 0.9.4, is exposed to a URISyntaxException that causes the connection to be closed prematurely instead of producing a 400 response...

7.5CVSS6.6AI score0.01118EPSS
Exploits0References1
Prion
Prion
added 2020/03/03 7:15 p.m.16 views

Code injection

Reactor Netty HttpServer, versions 0.9.3 and 0.9.4, is exposed to a URISyntaxException that causes the connection to be closed prematurely instead of producing a 400 response...

5CVSS7.4AI score0.01118EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2020/03/03 6:25 p.m.21 views

CVE-2020-5403 DoS Via Malformed URL with Reactor Netty HTTP Server

Reactor Netty HttpServer, versions 0.9.3 and 0.9.4, is exposed to a URISyntaxException that causes the connection to be closed prematurely instead of producing a 400 response...

6.5CVSS7.5AI score0.01118EPSS
Exploits0References1
CVE
CVE
added 2020/03/03 6:25 p.m.79 views

CVE-2020-5403

CVE-2020-5403 affects Reactor Netty HttpServer, specifically versions 0.9.3 and 0.9.4. The root cause is an URI syntax handling flaw that causes the connection to close prematurely due to a URISyntaxException, instead of returning a 400 Bad Request. This behavior can enable a DoS via malformed UR...

7.5CVSS6.8AI score0.01118EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2020/03/03 6:15 p.m.57 views

CVE-2020-5404

The HttpClient from Reactor Netty, versions 0.9.x prior to 0.9.5, and versions 0.8.x prior to 0.8.16, may be used incorrectly, leading to a credentials leak during a redirect to a different domain. In order for this to happen, the HttpClient must have been explicitly configured to follow redirect...

6.5CVSS6.1AI score0.00653EPSS
Exploits0References1
OSV
OSV
added 2020/03/03 6:15 p.m.36 views

CVE-2020-5404

The HttpClient from Reactor Netty, versions 0.9.x prior to 0.9.5, and versions 0.8.x prior to 0.8.16, may be used incorrectly, leading to a credentials leak during a redirect to a different domain. In order for this to happen, the HttpClient must have been explicitly configured to follow redirect...

5.9CVSS6.7AI score0.00653EPSS
Exploits0References1
Prion
Prion
added 2020/03/03 6:15 p.m.27 views

Buffer overflow

The HttpClient from Reactor Netty, versions 0.9.x prior to 0.9.5, and versions 0.8.x prior to 0.8.16, may be used incorrectly, leading to a credentials leak during a redirect to a different domain. In order for this to happen, the HttpClient must have been explicitly configured to follow redirect...

4.9CVSS5.9AI score0.00653EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2020/03/03 5:55 p.m.100 views

CVE-2020-5404

CVE-2020-5404 affects Reactor Netty’s HttpClient (versions 0.9.x before 0.9.5 and 0.8.x before 0.8.16). The issue arises when the HttpClient is explicitly configured to follow redirects, which may cause a credentials leak during a redirect to a different domain. Impact is credential leakage; expl...

6.5CVSS5.9AI score0.00653EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2020/03/03 5:55 p.m.58 views

CVE-2020-5404 Authentication Leak On Redirect With Reactor Netty HttpClient

The HttpClient from Reactor Netty, versions 0.9.x prior to 0.9.5, and versions 0.8.x prior to 0.8.16, may be used incorrectly, leading to a credentials leak during a redirect to a different domain. In order for this to happen, the HttpClient must have been explicitly configured to follow redirect...

6.5CVSS5.7AI score0.00653EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2020/03/03 12:0 a.m.7 views

PT-2020-18459 · Reactor Netty · Reactor Netty Http Server

Name of the Vulnerable Software and Affected Versions: Reactor Netty HttpServer versions 0.9.3 through 0.9.4 Description: The issue is related to a URISyntaxException that causes the connection to be closed prematurely instead of producing a 400 response. Recommendations: For versions 0.9.3 and...

7.5CVSS6.3AI score0.01118EPSS
Exploits0References5
Veracode
Veracode
added 2020/02/28 10:32 p.m.24 views

Denial Of Service (DoS) Via Malformed URL

reactor-netty is susceptible to denial of service DoS. The attack is possible when an attacker provide a malformed URI with double slash // characters, failing to handle the path information and end up with URISyntaxException closing connection instead of returning 400 status code...

7.5CVSS3.4AI score0.01118EPSS
Exploits0References5Affected Software1
Spring Security Advisories
Spring Security Advisories
added 2020/02/27 12:0 a.m.5 views

Authentication Leak On Redirect With Reactor Netty HttpClient

Reactor Netty HttpClient, versions 0.9.x prior to 0.9.5, and versions 0.8.x prior to 0.8.16, may be used incorrectly, leading to a credentials leak during a redirect to a different domain. In order for this to happen, the HttpClient must have been explicitly configured to follow redirects...

6.5CVSS6.4AI score0.00653EPSS
Exploits0References1
Spring Security Advisories
Spring Security Advisories
added 2019/10/28 12:0 a.m.7 views

Reactor Netty Consumes a Vulnerable Version of Netty

Reactor Netty, versions 0.8.x prior to 0.8.13 and 0.9.x prior to 0.9.1, depends on vulnerable versions of netty versions prior to 4.1.42, which incorrectly handles whitespace before a colon in headers, leading to HTTP request smuggling attacks...

7.5CVSS6.8AI score0.08415EPSS
Exploits1References2
OSV
OSV
added 2019/10/23 2:14 p.m.21 views

GHSA-J52R-XC68-Q8F4 Insufficiently Protected Credentials in Pivotal Reactor Netty

Pivotal Reactor Netty, versions prior to 0.8.11, passes headers through redirects, including authorization ones. A remote unauthenticated malicious user may gain access to credentials for a different server than they have access to...

8.6CVSS8.7AI score0.00894EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2019/10/23 2:14 p.m.5 views

ai.hyacinth.framework:core-service-admin-server (>=0.5.2 <=0.5.5), ai.hyacinth.framework:core-service-gateway-server (>=0.5.2 <=0.5.5) +198 more potentially affected by CVE-2019-11284 via io.projectreactor.netty:reactor-netty (>=0.8.0.RELEASE <=0.8.10.RELEASE)

io.projectreactor.netty:reactor-netty MAVEN version =0.8.0.RELEASE, =0.5.2, =0.5.2, =0.5.2, =0.0.3, =0.0.9 and more Source cves: CVE-2019-11284 Source advisory: OSV:GHSA-J52R-XC68-Q8F4...

8.6CVSS6.8AI score0.00894EPSS
Exploits0
Rows per page
Query Builder