CVE-2020-5404

Source: https://nvd.nist.gov/vuln/detail/CVE-2020-5404
Import Source: https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-5404.json
JSON Data: https://api.osv.dev/v1/vulns/CVE-2020-5404
Aliases:
Withdrawn: 2024-05-15T05:33:54.083720Z
Published: 2020-03-03T18:15:12Z
Modified: 2023-11-29T08:34:18.646381Z
Severity: 5.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N
Summary: [none]
Details

The HttpClient from Reactor Netty, versions 0.9.x prior to 0.9.5, and versions 0.8.x prior to 0.8.16, may be used incorrectly, leading to a credentials leak during a redirect to a different domain. In order for this to happen, the HttpClient must have been explicitly configured to follow redirects.

References

Affected packages

Git / github.com/reactor/reactor-netty

Affected ranges

Type: GIT
Repo: https://github.com/reactor/reactor-netty
Events:

Affected versions

0.*

0.8.0.M2

v0.*

v0.7.10.RELEASE
v0.7.11.RELEASE
v0.7.12.RELEASE
v0.7.13.RELEASE
v0.7.14.RELEASE
v0.7.15.RELEASE
v0.7.9.RELEASE
v0.8.0.M3
v0.8.0.RELEASE
v0.8.1.RELEASE
v0.8.10.RELEASE
v0.8.11.RELEASE
v0.8.12.RELEASE
v0.8.13.RELEASE
v0.8.14.RELEASE
v0.8.15.RELEASE
v0.8.16.RELEASE
v0.8.17.RELEASE
v0.8.18.RELEASE
v0.8.19.RELEASE
v0.8.2.RELEASE
v0.8.20.RELEASE
v0.8.21.RELEASE
v0.8.22.RELEASE
v0.8.23.RELEASE
v0.8.3.RELEASE
v0.8.4.RELEASE
v0.8.5.RELEASE
v0.8.6.RELEASE
v0.8.7.RELEASE
v0.8.8.RELEASE
v0.8.9.RELEASE
v0.9.0.M1
v0.9.0.M2
v0.9.0.M3
v0.9.0.RC1
v0.9.0.RELEASE
v0.9.1.RELEASE
v0.9.10.RELEASE
v0.9.11.RELEASE
v0.9.12.RELEASE
v0.9.13.RELEASE
v0.9.14.RELEASE
v0.9.15.RELEASE
v0.9.16.RELEASE
v0.9.17.RELEASE
v0.9.18.RELEASE
v0.9.19.RELEASE
v0.9.2.RELEASE
v0.9.20.RELEASE
v0.9.21.RELEASE
v0.9.22.RELEASE
v0.9.23.RELEASE
v0.9.24.RELEASE
v0.9.25.RELEASE
v0.9.3.RELEASE
v0.9.5.RELEASE
v0.9.6.RELEASE
v0.9.7.RELEASE
v0.9.8.RELEASE
v0.9.9.RELEASE

v1.*

v1.0.0
v1.0.0-M1
v1.0.0-M2
v1.0.0-RC1
v1.0.0-RC2
v1.0.1
v1.0.10
v1.0.11
v1.0.12
v1.0.13
v1.0.14
v1.0.15
v1.0.16
v1.0.17
v1.0.18
v1.0.19
v1.0.2
v1.0.20
v1.0.21
v1.0.22
v1.0.23
v1.0.24
v1.0.25
v1.0.26
v1.0.27
v1.0.28
v1.0.29
v1.0.3
v1.0.30
v1.0.31
v1.0.32
v1.0.33
v1.0.34
v1.0.35
v1.0.36
v1.0.37
v1.0.38
v1.0.39
v1.0.4
v1.0.5
v1.0.6
v1.0.7
v1.0.8
v1.0.9
v1.1.0
v1.1.0-M1
v1.1.0-M2
v1.1.0-M3
v1.1.0-M4
v1.1.0-M5
v1.1.0-M6
v1.1.0-RC1
v1.1.1
v1.1.10
v1.1.11
v1.1.12
v1.1.13
v1.1.2
v1.1.3
v1.1.4
v1.1.5
v1.1.6
v1.1.7
v1.1.8
v1.1.9

v2.*

v2.0.0-M1
v2.0.0-M2
v2.0.0-M3