Lucene search
+L

183 matches found

euvd
euvd
added 2025/10/03 8:7 p.m.28 views

EUVD-2022-1052

Malicious code in bioql PyPI...

7.5CVSS6.7AI score0.01118EPSS
Exploits0References2
ibm
ibm
added 2025/09/30 9:12 p.m.11 views

Security Bulletin: Vulnerabilities in Spring Cloud Gateway Server, Bouncy Castle, Reactor Netty HTTP Server, NPM and Apache Commons might affect IBM Storage Defender Copy Data Management

Summary IBM Storage Defender Copy Data Management can be affected by vulnerabilities in Spring Cloud Gateway Server, Bouncy Castle, Reactor Netty HTTP Server, NPM and Apache Commons. Vulnerabilities include forwarded headers from untrusted proxies, opening up a possibility of DNS poisoning,...

8.8CVSS7.7AI score0.01548EPSS
Exploits3Affected Software1
vulnersosv
vulnersosv
added 2025/07/16 12:30 p.m.6 views

io.github.mullerhai:storch-mcp_3 (=0.1.0), io.projectreactor.netty:reactor-netty (>=1.3.0-M1 <=1.3.0-M4) +1 more potentially affected by CVE-2025-22227 via io.projectreactor.netty:reactor-netty-http (>=1.3.0-M1 <=1.3.0-M4)

io.projectreactor.netty:reactor-netty-http MAVEN version =1.3.0-M1, =1.3.0-M1, =1.3.0-M1, =1.3.0-M4 Source cves: CVE-2025-22227 Source advisory: OSV:GHSA-4Q2V-9P7V-3V22...

6.1CVSS6.4AI score0.0034EPSS
Exploits0
osv
osv
added 2025/07/16 12:30 p.m.5 views

GHSA-4Q2V-9P7V-3V22 Reactor Netty HTTP is vulnerable to credential leaks during chained redirects

In some specific scenarios with chained redirects, Reactor Netty HTTP client leaks credentials. In order for this to happen, the HTTP client must have been explicitly configured to follow redirects...

6.1CVSS6.8AI score0.0034EPSS
Exploits0References4
vulnersosv
vulnersosv
added 2025/07/16 12:30 p.m.9 views

africa.absa:inception-application (>=1.0.0 <=1.2.0), ai.ancf.lmos-router:benchmarks (>=0.2.0 <=0.28.0) +5879 more potentially affected by CVE-2025-22227 via io.projectreactor.netty:reactor-netty-http (>=1.0.0 <=1.2.7)

io.projectreactor.netty:reactor-netty-http MAVEN version =1.0.0, =1.0.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.1.1, =0.1.1, =0.1.1, =0.0.4, =0.6.0 - ai.ancf.lmos:lmos-router-hybrid =0.1.0 - ai.ancf.lmos:lmos-router-hybrid-spring-boot-starter =0.1.0 - ai.ancf.lmos:lmos-router-llm =0.1...

6.1CVSS6.3AI score0.0034EPSS
Exploits0
nvd
nvd
added 2025/07/16 10:15 a.m.21 views

CVE-2025-22227

In some specific scenarios with chained redirects, Reactor Netty HTTP client leaks credentials. In order for this to happen, the HTTP client must have been explicitly configured to follow redirects...

6.1CVSS0.0034EPSS
Exploits0References1
cvelist
cvelist
added 2025/07/16 9:31 a.m.40 views

CVE-2025-22227 CVE-2025-22227: Authentication Leak On Redirect With Reactor Netty HTTP Client

In some specific scenarios with chained redirects, Reactor Netty HTTP client leaks credentials. In order for this to happen, the HTTP client must have been explicitly configured to follow redirects...

6.1CVSS0.0034EPSS
Exploits0References1
cve
cve
added 2025/07/16 9:31 a.m.134 views

CVE-2025-22227

CVE-2025-22227 is described in the initial document as a vulnerability where, in specific scenarios with chained redirects, the Reactor Netty HTTP client leaks credentials if the HTTP client is explicitly configured to follow redirects. The connected IBM bulletins list CVE-2025-22227 among a larg...

6.1CVSS6.7AI score0.0034EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2025/07/16 12:0 a.m.15 views

PT-2025-29713

Name of the Vulnerable Software and Affected Versions Reactor Netty HTTP client affected versions not specified Description In specific scenarios involving chained redirects, the Reactor Netty HTTP client is susceptible to credential leakage. This issue occurs when the HTTP client is explicitly...

6.1CVSS6.5AI score0.0034EPSS
Exploits0References8
cnnvd
cnnvd
added 2025/07/16 12:0 a.m.7 views

Reactor Netty 安全漏洞

Reactor Netty is a non-blocking and backpressure-ready TCP/HTTP/UDP/QUIC client and server based on the Netty framework. A security vulnerability exists in Reactor Netty that stems from the Reactor Netty HTTP client disclosing credentials in certain specific scenarios of chained redirection...

6.1CVSS6.2AI score0.0034EPSS
Exploits0References1
spring
spring
added 2025/07/15 12:0 a.m.9 views

Authentication Leak On Redirect With Reactor Netty HTTP Client

In some specific scenarios with chained redirects, Reactor Netty HTTP client leaks credentials. In order for this to happen, the HTTP client must have been explicitly configured to follow redirects...

6.1CVSS6.4AI score0.0034EPSS
Exploits0References1Affected Software1
vulnersosv
vulnersosv
added 2025/07/15 12:0 a.m.7 views

io.github.mullerhai:storch-mcp_3 (=0.1.0), io.projectreactor.netty:reactor-netty (>=1.3.0-M1 <=1.3.0-M4) +1 more potentially affected by CVE-2025-22227 via io.projectreactor.netty:reactor-netty-http (>=1.3.0-M1 <=1.3.0-M4)

io.projectreactor.netty:reactor-netty-http MAVEN version =1.3.0-M1, =1.3.0-M1, =1.3.0-M1, =1.3.0-M4 Source cves: CVE-2025-22227 Source advisory: SNYK:JAVA-IOPROJECTREACTORNETTY-10770514...

6.1CVSS6.4AI score0.0034EPSS
Exploits0
vulnersosv
vulnersosv
added 2025/07/15 12:0 a.m.8 views

africa.absa:inception-application (>=1.0.0 <=1.2.0), ai.ancf.lmos-router:benchmarks (>=0.2.0 <=0.28.0) +5879 more potentially affected by CVE-2025-22227 via io.projectreactor.netty:reactor-netty-http (>=1.0.0 <=1.2.7)

io.projectreactor.netty:reactor-netty-http MAVEN version =1.0.0, =1.0.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.1.1, =0.1.1, =0.1.1, =0.0.4, =0.6.0 - ai.ancf.lmos:lmos-router-hybrid =0.1.0 - ai.ancf.lmos:lmos-router-hybrid-spring-boot-starter =0.1.0 - ai.ancf.lmos:lmos-router-llm =0.1...

6.1CVSS6.3AI score0.0034EPSS
Exploits0
snyk
snyk
added 2025/07/15 12:0 a.m.6 views

Exposure of Sensitive System Information to an Unauthorized Control Sphere

Overview Affected versions of this package are vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere via handling of chained redirects. An attacker can cause the Reactor Netty HTTP client to leak credentials such as session cookies by intercepting initial HTTP/1...

6.1CVSS6.9AI score0.0034EPSS
Exploits0References2
redhatcve
redhatcve
added 2025/05/23 5:22 a.m.6 views

CVE-2023-34054

In Reactor Netty HTTP Server, versions 1.1.x prior to 1.1.13 and versions 1.0.x prior to 1.0.39, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service DoS condition. Specifically, an application is vulnerable if Reactor Netty HTTP Server built-in...

7.5CVSS6.7AI score0.00906EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/21 8:40 p.m.8 views

CVE-2002-2424

Cross-site scripting XSS vulnerability in PHPReactor 1.2.7 pl1 allows remote attackers to inject arbitrary web script or HTML via Javascript in the style attribute of an HTML tag...

4.3CVSS5.9AI score0.01449EPSS
Exploits1References1
spring
spring
added 2024/12/03 12:0 a.m.12 views

This Week in Spring - December 3rd, 2024

Hi, Spring fans! Welcome to another installment of This Week in Spring! It's the first week of December and I am in the amazing city of Perth, Australia. Perth, for those of you who don't know, is amazing. And well worth the journey. But it is quite the journey! 27 hours, door-to-door, from San...

7.1AI score
Exploits0
ossf
ossf
added 2024/11/27 6:5 a.m.1 views

Malicious code in journey-client-reactor (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5a98ffaef8416f200477aa23d38714df4c260dc31fe05c31d6edc8312f1a1c6c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
osv
osv
added 2024/11/27 6:5 a.m.5 views

MAL-2024-11046 Malicious code in journey-client-reactor (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5a98ffaef8416f200477aa23d38714df4c260dc31fe05c31d6edc8312f1a1c6c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
spring
spring
added 2024/11/26 12:0 a.m.13 views

HTTP/3 support in Reactor 2024.0 Release Train

HTTP/3, the latest major version of the Hypertext Transfer Protocol, had its specification finalized in June 2022. This version is designed to enhance performance, reliability, and security. Unlike its predecessors, HTTP/3 utilizes QUIC instead of TCP as its transport layer. QUIC is a UDP-based,...

6.8AI score
Exploits0
Rows per page
Query Builder