Description

Reactor Netty HTTP Server, in versions 1.0.11 - 1.0.23, may log request headers in some cases of invalid HTTP requests. The logged headers may reveal valid access tokens to those with access to server logs. This may affect only invalid HTTP requests where logging at WARN level is enabled.

Remediation

References

https://tanzu.vmware.com/security/cve-2022-31684

Related Vulnerabilities

CVE-2013-2186 Vulnerability in maven package commons-fileupload:commons-fileupload

CVE-2018-1999005 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

CVE-2023-24455 Vulnerability in maven package io.jenkins.plugins:visualexpert

CVE-2020-8913 Vulnerability in maven package com.google.android.play:core

CVE-2019-5786 Vulnerability in npm package puppeteer

Severity

Medium

Classification

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Tags

Vendor Advisory NVD-CWE-noinfo