io.projectreactor.netty:reactor-netty-http
Maven5 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting io.projectreactor.netty:reactor-netty-httppage 1 of 1
- CVE-2020-5403HIGHCVSS 7.5EG 7.5✓ Fixed in 0.9.52020-03-03
Reactor Netty HttpServer, versions 0.9.3 and 0.9.4, is exposed to a URISyntaxException that causes the connection to be closed prematurely instead of producing a 400 response.
- CVE-2020-5404MEDIUMCVSS 5.9EG 5.9✓ Fixed in 0.8.162020-03-03
The HttpClient from Reactor Netty, versions 0.9.x prior to 0.9.5, and versions 0.8.x prior to 0.8.16, may be used incorrectly, leading to a credentials leak during a redirect to a different domain. In order for this to happen, the HttpClie…
- CVE-2022-31684MEDIUMCVSS 4.3EG 4.3✓ Fixed in 1.0.242022-10-19
vulnerable: 1.0.11 ... 1.0.23 (13 versions)
Reactor Netty HTTP Server, in versions 1.0.11 - 1.0.23, may log request headers in some cases of invalid HTTP requests. The logged headers may reveal valid access tokens to those with access to server logs. This may affect only invalid HTT…
- CVE-2023-34062HIGHCVSS 7.5EG 7.5✓ Fixed in 1.0.392023-11-15
vulnerable: 1.0.0 ... 1.0.9 (39 versions)
In Reactor Netty HTTP Server, versions 1.1.x prior to 1.1.13 and versions 1.0.x prior to 1.0.39, a malicious user can send a request using a specially crafted URL that can lead to a directory traversal attack. Specifically, an application…
- CVE-2025-22227MEDIUMCVSS 6.1EG 6.1✓ Fixed in 1.2.82025-07-16
vulnerable: 1.0.0 ... 1.2.7 (89 versions)
In some specific scenarios with chained redirects, Reactor Netty HTTP client leaks credentials. In order for this to happen, the HTTP client must have been explicitly configured to follow redirects.
Check whether io.projectreactor.netty:reactor-netty-http is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for io.projectreactor.netty:reactor-netty-http CVEs against the assets you own.
Start Free Scan →