Insufficiently Protected Credentials in Pivotal Reactor Netty
High severity
GitHub Reviewed
Published Oct 23, 2019 to the GitHub Advisory Database
Updated Feb 1, 2023
Package
Affected versions: < 0.8.11
Patched versions: 0.8.11
Published by the National Vulnerability Database: Oct 17, 2019
Reviewed: Oct 22, 2019
Published to the GitHub Advisory Database: Oct 23, 2019
Last updated: Feb 1, 2023
Description
Pivotal Reactor Netty, versions prior to 0.8.11, passes headers through redirects, including authorization ones. A remote unauthenticated malicious user may gain access to credentials for a different server than they have access to.