2 matches found
PT-2023-8190
Name of the Vulnerable Software and Affected Versions Reactor Netty HTTP Server versions 1.0.x prior to 1.0.39 Reactor Netty HTTP Server versions 1.1.x prior to 1.1.13 Description The issue is related to incorrect restriction of directory path names, which can lead to a directory traversal attack...
GHSA-7W4X-4H67-PGMV Invalid HTTP requests in Reactor Netty HTTP Server may reveal access tokens
Reactor Netty HTTP Server, in versions 1.0.11 - 1.0.23, may request log headers in some cases of invalid HTTP requests. The logged headers may reveal valid access tokens to those with access to server logs. This may affect only invalid HTTP requests where logging at WARN level is enabled...