Lucene search
Veracode Vulnerability DatabaseVERACODE:22602HistoryFeb 29, 2020 - 11:49 p.m.
Information Disclosure
2020-02-2923:49:54
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
6
0.001 Low
EPSS
Percentile
35.5%
reactor.netty is vulnerable to information disclosure. The followRedirect functions does not properly handle the redirect request, leading to a credential leakage if a redirect to different domain is based on the incorrect configuration.
| CPE | Name | Operator | Version |
|---|---|---|---|
| reactor netty with all modules | le | 0.9.4.RELEASE | |
| reactor netty with all modules | le | 0.8.15.RELEASE |
Related
github
github
Insufficiently Protected Credentials in Reactor Netty
2022-02-10 20:24:17
redhatcve
redhatcve
CVE-2020-5404
2021-06-23 08:25:53
cve
cve
CVE-2020-5404
2020-03-03 18:15:12
prion
prion
Buffer overflow
2020-03-03 18:15:00
osv
osv
CVE-2020-5404
2020-03-03 18:15:12
Insufficiently Protected Credentials in Reactor Netty
2022-02-10 20:24:17
cvelist
cvelist
CVE-2020-5404 Authentication Leak On Redirect With Reactor Netty HttpClient
2020-02-27 00:00:00
nvd
nvd
CVE-2020-5404
2020-03-03 18:15:12
redhat
redhat
(RHSA-2022:8761) Moderate: Red Hat support for Spring Boot 2.7.2 update
2022-12-14 13:14:18