GHSA-4q2v-9p7v-3v22

Published: 16 Jul 2025
Source: github
GitHub: Reviewed
CVSS3: 6.1

Description

Reactor Netty HTTP is vulnerable to credential leaks during chained redirects

In some specific scenarios with chained redirects, Reactor Netty HTTP client leaks credentials. In order for this to happen, the HTTP client must have been explicitly configured to follow redirects.

Packages

Name: io.projectreactor.netty:reactor-netty-http
Ecosystem: maven
Affected versions: >= 1.3.0-M1, < 1.3.0-M5
Fixed version: 1.3.0-M5

Name: io.projectreactor.netty:reactor-netty-http
Ecosystem: maven
Affected versions: < 1.2.8
Fixed version: 1.2.8

EPSS

Percentile: 26%
Score: 0.00092 (Low)

CVSS3

6.1 Medium

Weaknesses

CWE-200

Related vulnerabilities

CVSS3: 6.1
redhat
5 months ago

In some specific scenarios with chained redirects, Reactor Netty HTTP client leaks credentials. In order for this to happen, the HTTP client must have been explicitly configured to follow redirects.

CVSS3: 6.1
nvd
5 months ago

In some specific scenarios with chained redirects, Reactor Netty HTTP client leaks credentials. In order for this to happen, the HTTP client must have been explicitly configured to follow redirects.
