Information Exposure Affecting io.projectreactor.netty:reactor-netty package, versions [0.8.0,0.8.11.RELEASE)
18 Oct 2019
17 Oct 2019
How to fix?
Upgrade io.projectreactor.netty:reactor-netty to version 0.8.11.RELEASE or higher.
io.projectreactor.netty:reactor-netty is a TCP/HTTP/UDP client/server with Reactor over Netty.
Affected versions of this package are vulnerable to Information Exposure. Headers are passed through redirects, including authorization headers. A remote unauthenticated malicious user may gain access to credentials for a different server than they have access to.