183 matches found
EUVD-2022-1052
Malicious code in bioql PyPI...
Security Bulletin: Vulnerabilities in Spring Cloud Gateway Server, Bouncy Castle, Reactor Netty HTTP Server, NPM and Apache Commons might affect IBM Storage Defender Copy Data Management
Summary IBM Storage Defender Copy Data Management can be affected by vulnerabilities in Spring Cloud Gateway Server, Bouncy Castle, Reactor Netty HTTP Server, NPM and Apache Commons. Vulnerabilities include forwarded headers from untrusted proxies, opening up a possibility of DNS poisoning,...
io.github.mullerhai:storch-mcp_3 (=0.1.0), io.projectreactor.netty:reactor-netty (>=1.3.0-M1 <=1.3.0-M4) +1 more potentially affected by CVE-2025-22227 via io.projectreactor.netty:reactor-netty-http (>=1.3.0-M1 <=1.3.0-M4)
io.projectreactor.netty:reactor-netty-http MAVEN version =1.3.0-M1, =1.3.0-M1, =1.3.0-M1, =1.3.0-M4 Source cves: CVE-2025-22227 Source advisory: OSV:GHSA-4Q2V-9P7V-3V22...
GHSA-4Q2V-9P7V-3V22 Reactor Netty HTTP is vulnerable to credential leaks during chained redirects
In some specific scenarios with chained redirects, Reactor Netty HTTP client leaks credentials. In order for this to happen, the HTTP client must have been explicitly configured to follow redirects...
africa.absa:inception-application (>=1.0.0 <=1.2.0), ai.ancf.lmos-router:benchmarks (>=0.2.0 <=0.28.0) +5879 more potentially affected by CVE-2025-22227 via io.projectreactor.netty:reactor-netty-http (>=1.0.0 <=1.2.7)
io.projectreactor.netty:reactor-netty-http MAVEN version =1.0.0, =1.0.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.1.1, =0.1.1, =0.1.1, =0.0.4, =0.6.0 - ai.ancf.lmos:lmos-router-hybrid =0.1.0 - ai.ancf.lmos:lmos-router-hybrid-spring-boot-starter =0.1.0 - ai.ancf.lmos:lmos-router-llm =0.1...
CVE-2025-22227
In some specific scenarios with chained redirects, Reactor Netty HTTP client leaks credentials. In order for this to happen, the HTTP client must have been explicitly configured to follow redirects...
CVE-2025-22227 CVE-2025-22227: Authentication Leak On Redirect With Reactor Netty HTTP Client
In some specific scenarios with chained redirects, Reactor Netty HTTP client leaks credentials. In order for this to happen, the HTTP client must have been explicitly configured to follow redirects...
CVE-2025-22227
CVE-2025-22227 is described in the initial document as a vulnerability where, in specific scenarios with chained redirects, the Reactor Netty HTTP client leaks credentials if the HTTP client is explicitly configured to follow redirects. The connected IBM bulletins list CVE-2025-22227 among a larg...
PT-2025-29713
Name of the Vulnerable Software and Affected Versions Reactor Netty HTTP client affected versions not specified Description In specific scenarios involving chained redirects, the Reactor Netty HTTP client is susceptible to credential leakage. This issue occurs when the HTTP client is explicitly...
Reactor Netty 安全漏洞
Reactor Netty is a non-blocking and backpressure-ready TCP/HTTP/UDP/QUIC client and server based on the Netty framework. A security vulnerability exists in Reactor Netty that stems from the Reactor Netty HTTP client disclosing credentials in certain specific scenarios of chained redirection...
Authentication Leak On Redirect With Reactor Netty HTTP Client
In some specific scenarios with chained redirects, Reactor Netty HTTP client leaks credentials. In order for this to happen, the HTTP client must have been explicitly configured to follow redirects...
io.github.mullerhai:storch-mcp_3 (=0.1.0), io.projectreactor.netty:reactor-netty (>=1.3.0-M1 <=1.3.0-M4) +1 more potentially affected by CVE-2025-22227 via io.projectreactor.netty:reactor-netty-http (>=1.3.0-M1 <=1.3.0-M4)
io.projectreactor.netty:reactor-netty-http MAVEN version =1.3.0-M1, =1.3.0-M1, =1.3.0-M1, =1.3.0-M4 Source cves: CVE-2025-22227 Source advisory: SNYK:JAVA-IOPROJECTREACTORNETTY-10770514...
africa.absa:inception-application (>=1.0.0 <=1.2.0), ai.ancf.lmos-router:benchmarks (>=0.2.0 <=0.28.0) +5879 more potentially affected by CVE-2025-22227 via io.projectreactor.netty:reactor-netty-http (>=1.0.0 <=1.2.7)
io.projectreactor.netty:reactor-netty-http MAVEN version =1.0.0, =1.0.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.1.1, =0.1.1, =0.1.1, =0.0.4, =0.6.0 - ai.ancf.lmos:lmos-router-hybrid =0.1.0 - ai.ancf.lmos:lmos-router-hybrid-spring-boot-starter =0.1.0 - ai.ancf.lmos:lmos-router-llm =0.1...
Exposure of Sensitive System Information to an Unauthorized Control Sphere
Overview Affected versions of this package are vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere via handling of chained redirects. An attacker can cause the Reactor Netty HTTP client to leak credentials such as session cookies by intercepting initial HTTP/1...
CVE-2023-34054
In Reactor Netty HTTP Server, versions 1.1.x prior to 1.1.13 and versions 1.0.x prior to 1.0.39, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service DoS condition. Specifically, an application is vulnerable if Reactor Netty HTTP Server built-in...
CVE-2002-2424
Cross-site scripting XSS vulnerability in PHPReactor 1.2.7 pl1 allows remote attackers to inject arbitrary web script or HTML via Javascript in the style attribute of an HTML tag...
This Week in Spring - December 3rd, 2024
Hi, Spring fans! Welcome to another installment of This Week in Spring! It's the first week of December and I am in the amazing city of Perth, Australia. Perth, for those of you who don't know, is amazing. And well worth the journey. But it is quite the journey! 27 hours, door-to-door, from San...
Malicious code in journey-client-reactor (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5a98ffaef8416f200477aa23d38714df4c260dc31fe05c31d6edc8312f1a1c6c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-11046 Malicious code in journey-client-reactor (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5a98ffaef8416f200477aa23d38714df4c260dc31fe05c31d6edc8312f1a1c6c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
HTTP/3 support in Reactor 2024.0 Release Train
HTTP/3, the latest major version of the Hypertext Transfer Protocol, had its specification finalized in June 2022. This version is designed to enhance performance, reliability, and security. Unlike its predecessors, HTTP/3 utilizes QUIC instead of TCP as its transport layer. QUIC is a UDP-based,...