Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-31684

Reactor Netty HTTP Server, in versions 1.0.11 - 1.0.23, may log request headers in some cases of invalid HTTP requests. The logged headers may reveal valid access tokens to those with access to server logs. This may affect only invalid HTTP requests where logging at WARN level is enabled.

Published

2022-10-19T22:15:10.237

Last Modified

2025-05-09T15:15:53.317

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 4.3 (MEDIUM)

Weaknesses

Type: Primary
NVD-CWE-noinfo
Type: Secondary
CWE-532

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	pivotal	reactor_netty	≤ 1.0.23	Yes

References

https://tanzu.vmware.com/security/cve-2022-31684 Vendor Advisory ([email protected])
https://tanzu.vmware.com/security/cve-2022-31684 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)