Lucene search
PRIOn knowledge basePRION:CVE-2020-5404HistoryMar 03, 2020 - 6:15 p.m.
Buffer overflow
2020-03-0318:15:00
PRIOn knowledge base
www.prio-n.com
3
The HttpClient from Reactor Netty, versions 0.9.x prior to 0.9.5, and versions 0.8.x prior to 0.8.16, may be used incorrectly, leading to a credentials leak during a redirect to a different domain. In order for this to happen, the HttpClient must have been explicitly configured to follow redirects.
| CPE | Name | Operator | Version |
|---|---|---|---|
| reactor_netty | ge | 0.8.0 | |
| reactor_netty | le | 0.8.15 | |
| reactor_netty | ge | 0.9.0 | |
| reactor_netty | le | 0.9.4 |
References
Related
github
github
Insufficiently Protected Credentials in Reactor Netty
2022-02-10 20:24:17
redhatcve
redhatcve
CVE-2020-5404
2021-06-23 08:25:53
cve
cve
CVE-2020-5404
2020-03-03 18:15:12
osv
osv
CVE-2020-5404
2020-03-03 18:15:12
Insufficiently Protected Credentials in Reactor Netty
2022-02-10 20:24:17
cvelist
cvelist
CVE-2020-5404 Authentication Leak On Redirect With Reactor Netty HttpClient
2020-02-27 00:00:00
nvd
nvd
CVE-2020-5404
2020-03-03 18:15:12
veracode
veracode
Information Disclosure
2020-02-29 23:49:54
redhat
redhat
(RHSA-2022:8761) Moderate: Red Hat support for Spring Boot 2.7.2 update
2022-12-14 13:14:18