CVE-2022-31684

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-31684

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-31684.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-31684

Aliases

GHSA-7w4x-4h67-pgmv

Published

2022-10-19T22:15:10.237Z

Modified

2025-11-20T12:06:36.240761Z

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

[none]

Details

Reactor Netty HTTP Server, in versions 1.0.11 - 1.0.23, may log request headers in some cases of invalid HTTP requests. The logged headers may reveal valid access tokens to those with access to server logs. This may affect only invalid HTTP requests where logging at WARN level is enabled.

References

https://tanzu.vmware.com/security/cve-2022-31684

Affected packages

Git / github.com/reactor/reactor-netty

Affected ranges

Type: GIT
Repo: https://github.com/reactor/reactor-netty
Events: Introduced

c32da5f61fd04dcdc16e85ac3c3ef08bfaa0de90

Last affected

6ee4171387ea4b6979b4fbaedbfc04337ffde3fb

Affected versions

v0.*

v0.9.24.RELEASE

v0.9.25.RELEASE

v1.*

v1.0.11

v1.0.12

v1.0.13

v1.0.14

v1.0.15

v1.0.16

v1.0.17

v1.0.18

v1.0.19

v1.0.20

v1.0.21

v1.0.22

v1.0.23