107 matches found
Improper Handling of Exceptional Conditions and Improper Input Validation in Reactor Netty
Reactor Netty HttpServer, versions 0.9.3 and 0.9.4, is exposed to a URISyntaxException that causes the connection to be closed prematurely instead of producing a 400 response...
GHSA-GPCH-H32J-GX6X Insufficiently Protected Credentials in Reactor Netty
The HttpClient from Reactor Netty, versions 0.9.x prior to 0.9.5, and versions 0.8.x prior to 0.8.16, may be used incorrectly, leading to a credentials leak during a redirect to a different domain. In order for this to happen, the HttpClient must have been explicitly configured to follow redirect...
Insufficiently Protected Credentials in Reactor Netty
The HttpClient from Reactor Netty, versions 0.9.x prior to 0.9.5, and versions 0.8.x prior to 0.8.16, may be used incorrectly, leading to a credentials leak during a redirect to a different domain. In order for this to happen, the HttpClient must have been explicitly configured to follow redirect...
CVE-2020-5404
The HttpClient from Reactor Netty, versions 0.9.x prior to 0.9.5, and versions 0.8.x prior to 0.8.16, may be used incorrectly, leading to a credentials leak during a redirect to a different domain. In order for this to happen, the HttpClient must have been explicitly configured to follow redirect...
CVE-2020-5403
Reactor Netty HttpServer, versions 0.9.3 and 0.9.4, is exposed to a URISyntaxException that causes the connection to be closed prematurely instead of producing a 400 response...
CVE-2020-5403
Reactor Netty HttpServer, versions 0.9.3 and 0.9.4, is exposed to a URISyntaxException that causes the connection to be closed prematurely instead of producing a 400 response...
Code injection
Reactor Netty HttpServer, versions 0.9.3 and 0.9.4, is exposed to a URISyntaxException that causes the connection to be closed prematurely instead of producing a 400 response...
CVE-2020-5403 DoS Via Malformed URL with Reactor Netty HTTP Server
Reactor Netty HttpServer, versions 0.9.3 and 0.9.4, is exposed to a URISyntaxException that causes the connection to be closed prematurely instead of producing a 400 response...
CVE-2020-5403
CVE-2020-5403 affects Reactor Netty HttpServer, specifically versions 0.9.3 and 0.9.4. The root cause is an URI syntax handling flaw that causes the connection to close prematurely due to a URISyntaxException, instead of returning a 400 Bad Request. This behavior can enable a DoS via malformed UR...
CVE-2020-5404
The HttpClient from Reactor Netty, versions 0.9.x prior to 0.9.5, and versions 0.8.x prior to 0.8.16, may be used incorrectly, leading to a credentials leak during a redirect to a different domain. In order for this to happen, the HttpClient must have been explicitly configured to follow redirect...
CVE-2020-5404
The HttpClient from Reactor Netty, versions 0.9.x prior to 0.9.5, and versions 0.8.x prior to 0.8.16, may be used incorrectly, leading to a credentials leak during a redirect to a different domain. In order for this to happen, the HttpClient must have been explicitly configured to follow redirect...
Buffer overflow
The HttpClient from Reactor Netty, versions 0.9.x prior to 0.9.5, and versions 0.8.x prior to 0.8.16, may be used incorrectly, leading to a credentials leak during a redirect to a different domain. In order for this to happen, the HttpClient must have been explicitly configured to follow redirect...
CVE-2020-5404
CVE-2020-5404 affects Reactor Netty’s HttpClient (versions 0.9.x before 0.9.5 and 0.8.x before 0.8.16). The issue arises when the HttpClient is explicitly configured to follow redirects, which may cause a credentials leak during a redirect to a different domain. Impact is credential leakage; expl...
CVE-2020-5404 Authentication Leak On Redirect With Reactor Netty HttpClient
The HttpClient from Reactor Netty, versions 0.9.x prior to 0.9.5, and versions 0.8.x prior to 0.8.16, may be used incorrectly, leading to a credentials leak during a redirect to a different domain. In order for this to happen, the HttpClient must have been explicitly configured to follow redirect...
PT-2020-18459 · Reactor Netty · Reactor Netty Http Server
Name of the Vulnerable Software and Affected Versions: Reactor Netty HttpServer versions 0.9.3 through 0.9.4 Description: The issue is related to a URISyntaxException that causes the connection to be closed prematurely instead of producing a 400 response. Recommendations: For versions 0.9.3 and...
Denial Of Service (DoS) Via Malformed URL
reactor-netty is susceptible to denial of service DoS. The attack is possible when an attacker provide a malformed URI with double slash // characters, failing to handle the path information and end up with URISyntaxException closing connection instead of returning 400 status code...
Authentication Leak On Redirect With Reactor Netty HttpClient
Reactor Netty HttpClient, versions 0.9.x prior to 0.9.5, and versions 0.8.x prior to 0.8.16, may be used incorrectly, leading to a credentials leak during a redirect to a different domain. In order for this to happen, the HttpClient must have been explicitly configured to follow redirects...
Reactor Netty Consumes a Vulnerable Version of Netty
Reactor Netty, versions 0.8.x prior to 0.8.13 and 0.9.x prior to 0.9.1, depends on vulnerable versions of netty versions prior to 4.1.42, which incorrectly handles whitespace before a colon in headers, leading to HTTP request smuggling attacks...
GHSA-J52R-XC68-Q8F4 Insufficiently Protected Credentials in Pivotal Reactor Netty
Pivotal Reactor Netty, versions prior to 0.8.11, passes headers through redirects, including authorization ones. A remote unauthenticated malicious user may gain access to credentials for a different server than they have access to...
ai.hyacinth.framework:core-service-admin-server (>=0.5.2 <=0.5.5), ai.hyacinth.framework:core-service-gateway-server (>=0.5.2 <=0.5.5) +198 more potentially affected by CVE-2019-11284 via io.projectreactor.netty:reactor-netty (>=0.8.0.RELEASE <=0.8.10.RELEASE)
io.projectreactor.netty:reactor-netty MAVEN version =0.8.0.RELEASE, =0.5.2, =0.5.2, =0.5.2, =0.0.3, =0.0.9 and more Source cves: CVE-2019-11284 Source advisory: OSV:GHSA-J52R-XC68-Q8F4...