7 matches found
ROOT-APP-MAVEN-CVE-2025-22227 CVE-2025-22227 in io.root.io.projectreactor.netty:reactor-netty-http - Patched by Root
Root has patched CVE-2025-22227 in the io.root.io.projectreactor.netty:reactor-netty-http package for Root:Maven. Multiple fixed versions available...
CVE-2025-22227 vulnerabilities
Vulnerabilities for packages: apache-nifi, druid, elasticsearch-fips, camunda-zeebe, elasticsearch, conductor, thingsboard, flyway, conductor-fips, opensearch...
CVE-2025-22227
A flaw was found in io.projectreactor.netty/reactor-netty. Reactor Netty’s HTTP client, when explicitly configured to follow redirects in chained redirect scenarios, can inadvertently leak credentials. This flaw allows an attacker to trigger this credential leakage by manipulating the redirect...
io.github.mullerhai:storch-mcp_3 (=0.1.0), io.projectreactor.netty:reactor-netty (>=1.3.0-M1 <=1.3.0-M4) +1 more potentially affected by CVE-2025-22227 via io.projectreactor.netty:reactor-netty-http (>=1.3.0-M1 <=1.3.0-M4)
io.projectreactor.netty:reactor-netty-http MAVEN version =1.3.0-M1, =1.3.0-M1, =1.3.0-M1, =1.3.0-M4 Source cves: CVE-2025-22227 Source advisory: OSV:GHSA-4Q2V-9P7V-3V22...
CVE-2025-22227
creationtimestamp| type| source ---|---|--- 2025-07-16 10:07:05+00:00| seen| https://bsky.app/profile/snicoll.be/post/3lu36axz77c2d...
CVE-2025-22227 CVE-2025-22227: Authentication Leak On Redirect With Reactor Netty HTTP Client
In some specific scenarios with chained redirects, Reactor Netty HTTP client leaks credentials. In order for this to happen, the HTTP client must have been explicitly configured to follow redirects...
africa.absa:inception-application (>=1.0.0 <=1.2.0), ai.ancf.lmos-router:benchmarks (>=0.2.0 <=0.28.0) +5879 more potentially affected by CVE-2025-22227 via io.projectreactor.netty:reactor-netty-http (>=1.0.0 <=1.2.7)
io.projectreactor.netty:reactor-netty-http MAVEN version =1.0.0, =1.0.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.1.1, =0.1.1, =0.1.1, =0.0.4, =0.6.0 - ai.ancf.lmos:lmos-router-hybrid =0.1.0 - ai.ancf.lmos:lmos-router-hybrid-spring-boot-starter =0.1.0 - ai.ancf.lmos:lmos-router-llm =0.1...