Lucene search
K

7 matches found

OSV
OSV
added 2026/06/24 1:32 p.m.9 views

ROOT-APP-MAVEN-CVE-2025-22227 CVE-2025-22227 in io.root.io.projectreactor.netty:reactor-netty-http - Patched by Root

Root has patched CVE-2025-22227 in the io.root.io.projectreactor.netty:reactor-netty-http package for Root:Maven. Multiple fixed versions available...

6.1CVSS5.2AI score0.0034EPSS
Exploits0
Chainguard
Chainguard
added 2025/07/17 1:16 p.m.13 views

CVE-2025-22227 vulnerabilities

Vulnerabilities for packages: apache-nifi, druid, elasticsearch-fips, camunda-zeebe, elasticsearch, conductor, thingsboard, flyway, conductor-fips, opensearch...

6.1CVSS6.5AI score0.0034EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/07/17 3:8 a.m.4 views

CVE-2025-22227

A flaw was found in io.projectreactor.netty/reactor-netty. Reactor Netty’s HTTP client, when explicitly configured to follow redirects in chained redirect scenarios, can inadvertently leak credentials. This flaw allows an attacker to trigger this credential leakage by manipulating the redirect...

6.1CVSS5.7AI score0.0034EPSS
Exploits0References4
vulnersOsv
vulnersOsv
added 2025/07/16 12:30 p.m.6 views

io.github.mullerhai:storch-mcp_3 (=0.1.0), io.projectreactor.netty:reactor-netty (>=1.3.0-M1 <=1.3.0-M4) +1 more potentially affected by CVE-2025-22227 via io.projectreactor.netty:reactor-netty-http (>=1.3.0-M1 <=1.3.0-M4)

io.projectreactor.netty:reactor-netty-http MAVEN version =1.3.0-M1, =1.3.0-M1, =1.3.0-M1, =1.3.0-M4 Source cves: CVE-2025-22227 Source advisory: OSV:GHSA-4Q2V-9P7V-3V22...

6.1CVSS6.4AI score0.0034EPSS
Exploits0
Circl
Circl
added 2025/07/16 10:7 a.m.6 views

CVE-2025-22227

creationtimestamp| type| source ---|---|--- 2025-07-16 10:07:05+00:00| seen| https://bsky.app/profile/snicoll.be/post/3lu36axz77c2d...

6.1CVSS5.7AI score0.0034EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/07/16 9:31 a.m.40 views

CVE-2025-22227 CVE-2025-22227: Authentication Leak On Redirect With Reactor Netty HTTP Client

In some specific scenarios with chained redirects, Reactor Netty HTTP client leaks credentials. In order for this to happen, the HTTP client must have been explicitly configured to follow redirects...

6.1CVSS0.0034EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2025/07/15 12:0 a.m.8 views

africa.absa:inception-application (>=1.0.0 <=1.2.0), ai.ancf.lmos-router:benchmarks (>=0.2.0 <=0.28.0) +5879 more potentially affected by CVE-2025-22227 via io.projectreactor.netty:reactor-netty-http (>=1.0.0 <=1.2.7)

io.projectreactor.netty:reactor-netty-http MAVEN version =1.0.0, =1.0.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.1.1, =0.1.1, =0.1.1, =0.0.4, =0.6.0 - ai.ancf.lmos:lmos-router-hybrid =0.1.0 - ai.ancf.lmos:lmos-router-hybrid-spring-boot-starter =0.1.0 - ai.ancf.lmos:lmos-router-llm =0.1...

6.1CVSS6.3AI score0.0034EPSS
Exploits0
Rows per page
Query Builder