EPSS
Percentile
35.3%
reactor.netty is vulnerable to information disclosure. The followRedirect functions does not properly handle the redirect request, leading to a credential leakage if a redirect to different domain is based on the incorrect configuration.
followRedirect
github.com/reactor/reactor-netty/commit/c6f7e48c83b36975024e3bd3f828a8c83c651e41
github.com/reactor/reactor-netty/issues/1006
pivotal.io/security/cve-2020-5404
spring.io/blog/2020/02/27/cve-reports-published-for-reactor-netty