CVE-2020-5404
6.5
CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:N
Summary
The HttpClient from Reactor Netty, versions 0.9.x prior to 0.9.5, and versions 0.8.x prior to 0.8.16, may be used incorrectly, leading to a credentials leak during a redirect to a different domain. In order for this to happen, the HttpClient must have been explicitly configured to follow redirects.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Pivotal | Reactor Netty | 0.8 < v0.8.16.RELEASE | affected |
| Pivotal | Reactor Netty | 0.9 < v0.9.5.RELEASE | affected |
Weaknesses
- CWE-522: CWE-522: Insufficiently Protected Credentials
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.