Reactor Netty
cpe:2.3:a:pivotal:reactor_netty:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Pivotal (c2eefbd5-173d-5b7c-b22b-5a5aa11c4b70) |
|---|---|
| Product | Reactor Netty (85b51a5e-be01-58f9-b184-db117859216c) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from purl2cpe mapping |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| pkg:github/reactor/reactor-netty | purl2cpe | 2026-06-01 10:13:44.506908 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
| CVE:CVE-2023-34062 | vulnerable | 2026-06-03 14:52:15.560798 | HIGH (7.5). In Reactor Netty HTTP Server, versions 1.1.x prior to 1.1.13 and versions 1.0.x prior to 1.0.39, a malicious user can send a request using a specially crafted URL that can lead to a directory traversal attack. Specifically, an application is vulnerable if Reactor Netty HTTP Server is configured to serve static resources. Published: 2023-11-15T09:46:42.975Z. Updated: 2024-08-29T17:47:11.730Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2023-34054 | vulnerable | 2026-06-03 14:52:15.531686 | Reactor Netty HTTP Server Metrics DoS Vulnerability. MEDIUM (5.3). In Reactor Netty HTTP Server, versions 1.1.x prior to 1.1.13 and versions 1.0.x prior to 1.0.39, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Specifically, an application is vulnerable if Reactor Netty HTTP Server built-in integration with Micrometer is enabled. Published: 2023-11-28T08:16:14.361Z. Updated: 2024-08-02T16:01:52.415Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2022-31684 | vulnerable | 2026-06-03 14:47:13.453966 | Reactor Netty HTTP Server, in versions 1.0.11 - 1.0.23, may log request headers in some cases of invalid HTTP requests. The logged headers may reveal valid access tokens to those with access to server logs. This may affect only invalid HTTP requests where logging at WARN level is enabled. Published: 2022-10-19T00:00:00.000Z. Updated: 2025-05-09T14:29:04.873Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2020-5404 | vulnerable | 2026-06-03 14:42:56.393776 | Authentication Leak On Redirect With Reactor Netty HttpClient. MEDIUM (6.5). The HttpClient from Reactor Netty, versions 0.9.x prior to 0.9.5, and versions 0.8.x prior to 0.8.16, may be used incorrectly, leading to a credentials leak during a redirect to a different domain. In order for this to happen, the HttpClient must have been explicitly configured to follow redirects. Published: 2020-03-03T17:55:13.953Z. Updated: 2024-09-17T01:02:01.211Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2020-5403 | vulnerable | 2026-06-03 14:42:56.392224 | DoS Via Malformed URL with Reactor Netty HTTP Server. MEDIUM (6.5). Reactor Netty HttpServer, versions 0.9.3 and 0.9.4, is exposed to a URISyntaxException that causes the connection to be closed prematurely instead of producing a 400 response. Published: 2020-03-03T18:25:14.205Z. Updated: 2024-09-17T00:00:46.313Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2019-11284 | vulnerable | 2026-06-03 14:39:32.632746 | Reactor Netty authentication leak in redirects. MEDIUM (6.8). Pivotal Reactor Netty, versions prior to 0.8.11, passes headers through redirects, including authorization ones. A remote unauthenticated malicious user may gain access to credentials for a different server than they have access to. Published: 2019-10-17T17:40:12.123Z. Updated: 2024-09-16T23:36:09.978Z | Imported from gcve-enriched-dumps CVE data |