Description

Reactor Netty HTTP Server, in versions 1.0.11 - 1.0.23, may log request headers in some cases of invalid HTTP requests. The logged headers may reveal valid access tokens to those with access to server logs. This may affect only invalid HTTP requests where logging at WARN level is enabled.

Remediation

References

https://tanzu.vmware.com/security/cve-2022-31684

Related Vulnerabilities

CVE-2022-34783 Vulnerability in maven package org.jenkins-ci.plugins:plot

CVE-2016-6795 Vulnerability in maven package org.apache.struts:struts2-core

CVE-2013-2160 Vulnerability in maven package org.apache.cxf:cxf-parent

CVE-2023-41167 Vulnerability in npm package @webiny/react-rich-text-renderer

CVE-2016-4055 Vulnerability in maven package org.fujion.webjars:moment

Severity

Medium

Classification

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Tags

Vendor Advisory NVD-CWE-noinfo