CVE-2020-5404
Authentication Leak On Redirect With Reactor Netty HttpClient
The HttpClient from Reactor Netty, versions 0.9.x prior to 0.9.5, and versions 0.8.x prior to 0.8.16, may be used incorrectly, leading to a credentials leak during a redirect to a different domain. In order for this to happen, the HttpClient must have been explicitly configured to follow redirects.
CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:N
Produtos afetados
Pivotal · Reactor NettyQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →Referências
https://pivotal.io/security/cve-2020-5404