CVE-2020-5404
Authentication Leak On Redirect With Reactor Netty HttpClient
The HttpClient from Reactor Netty, versions 0.9.x prior to 0.9.5, and versions 0.8.x prior to 0.8.16, may be used incorrectly, leading to a credentials leak during a redirect to a different domain. In order for this to happen, the HttpClient must have been explicitly configured to follow redirects.
CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:N
Productos afectados
Pivotal · Reactor Netty¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →Referencias
https://pivotal.io/security/cve-2020-5404