exploitDog

CVE-2020-5404

Published: 03 Mar 2020
Source: redhat
CVSS3: 5.9

Description

The HttpClient from Reactor Netty, versions 0.9.x prior to 0.9.5, and versions 0.8.x prior to 0.8.16, may be used incorrectly, leading to a credentials leak during a redirect to a different domain. In order for this to happen, the HttpClient must have been explicitly configured to follow redirects.

Affected packages

| Platform | Package | State | Advisory | Release |
| --- | --- | --- | --- | --- |
| Red Hat Integration Camel K 1 | reactor-netty | Not affected | | |
| Text-Only RHOAR | reactor-netty | Fixed | RHSA-2022:8761 | 14.12.2022 |

Additional information

Status: Moderate
Defect: CWE-522
https://bugzilla.redhat.com/show_bug.cgi?id=1975160 reactor-netty: specific redirect configuration allows for a credentials leak

5.9 Medium

CVSS3

Related vulnerabilities

CVSS3: 5.9
nvd
almost 6 years ago

The HttpClient from Reactor Netty, versions 0.9.x prior to 0.9.5, and versions 0.8.x prior to 0.8.16, may be used incorrectly, leading to a credentials leak during a redirect to a different domain. In order for this to happen, the HttpClient must have been explicitly configured to follow redirects.

CVSS3: 5.9
github
almost 4 years ago

Insufficiently Protected Credentials in Reactor Netty
