Reactor Netty HTTP Server, in versions 1.0.11 - 1.0.23, may log request headers in some cases of invalid HTTP requests. The logged headers may reveal valid access tokens to those with access to server logs. This may affect only invalid HTTP requests where logging at WARN level is enabled.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: vmware

Published: 2022-10-19T00:00:00

Updated: 2024-08-03T07:26:01.025Z

Reserved: 2022-05-25T00:00:00

Link: CVE-2022-31684

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2022-10-19T22:15:10.237

Modified: 2024-11-21T07:05:07.500

Link: CVE-2022-31684

cve-icon Redhat

Severity : Low

Publid Date: 2022-10-20T00:00:00Z

Links: CVE-2022-31684 - Bugzilla