GHSA-pfc9-2cqg-9wq6MediumCVSS 6.1

In specific scenarios involving HTTP redirects from a secure to an insecure endpoint, the Reactor...

Published
June 9, 2026
Last Modified
June 9, 2026

🔗 CVE IDs covered (1)

📋 Description

In specific scenarios involving HTTP redirects from a secure to an insecure endpoint, the Reactor Netty HTTP client may leak credentials. In order for this to happen, the HTTP client must have been explicitly configured to follow redirects.

Affected versions: Reactor Netty 1.0.0 through 1.0.51; 1.1.0 through 1.1.35; 1.2.0 through 1.2.17; 1.3.0 through 1.3.5.

🔗 References (3)