CVE-2020-5404
CVE-2020-5404 is a medium-severity vulnerability rated 5.9/10 on the CVSS scale. The HttpClient from Reactor Netty, versions 0.9.x prior to 0.9.5, and versions 0.8.x prior to 0.8.16, may be used incorrectly, leading to a credentials leak during a redirect to a different domain. In order for this to happen, the HttpClient must have been explicitly configured to follow redirects. EPSS estimates a 0.65% chance of exploitation in the next 30 days.
Description
The HttpClient from Reactor Netty, versions 0.9.x prior to 0.9.5, and versions 0.8.x prior to 0.8.16, may be used incorrectly, leading to a credentials leak during a redirect to a different domain. In order for this to happen, the HttpClient must have been explicitly configured to follow redirects.
Metrics
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Pivotal | Reactor Netty | >= 0.8.0, <= 0.8.15 |
| Pivotal | Reactor Netty | >= 0.9.0, <= 0.9.4 |
References
- https://pivotal.io/security/cve-2020-5404 (Vendor Advisory)
Source: NVD / NIST
