Information Disclosure in Reactor Netty HTTP Server by VMware
CVE-2022-31684
4.3 MEDIUM
What is CVE-2022-31684?
The Reactor Netty HTTP Server from VMware may log request headers when it handles certain invalid HTTP requests. When logging at WARN level is enabled, these log entries can expose valid access tokens to anyone who has access to the server logs. The risk arises primarily in environments where improper HTTP requests occur, and it results in unauthorized exposure of sensitive information.
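To check whether existing server logs already contain exposed tokens, the following added example (not part of the advisory or of Reactor Netty) scans WARN-level lines for Authorization header values and reports a hash fingerprint instead of the token itself. The log line layout and the sample lines are constructed assumptions; adapt the pattern to the real log format in use.

```python
import hashlib
import re

# Matches "Authorization: Bearer <token>" or "authorization=Basic <blob>" anywhere
# in a line. The layout of the real log message is an assumption.
CRED = re.compile(
    r"(?i)\b((?:proxy-)?authorization)\s*[:=]\s*(?:(bearer|basic)\s+)?([^\s,;\])]+)"
)

def fingerprint(secret):
    """Short SHA-256 prefix: identifies a token in a report without repeating it."""
    return hashlib.sha256(secret.encode()).hexdigest()[:12]

def redact(line):
    """Return the line with credential values replaced by their fingerprint."""
    def mask(m):
        scheme = (m.group(2) + " ") if m.group(2) else ""
        return f"{m.group(1)}: {scheme}[REDACTED sha256:{fingerprint(m.group(3))}]"
    return CRED.sub(mask, line)

def find_leaks(lines, level="WARN"):
    """Return (line_no, header, fingerprint) for lines at `level` carrying credentials.
    Pass level=None to scan every line regardless of log level."""
    hits = []
    for no, line in enumerate(lines, 1):
        if level and not re.search(rf"\b{re.escape(level)}\b", line):
            continue
        for m in CRED.finditer(line):
            hits.append((no, m.group(1).lower(), fingerprint(m.group(3))))
    return hits

def tokens_to_rotate(lines):
    """Distinct fingerprints of credentials exposed in WARN lines."""
    return sorted({fp for _, _, fp in find_leaks(lines)})

# Constructed sample lines (not real Reactor Netty output).
SAMPLE = [
    "2022-10-01 12:00:01 INFO  app - started",
    "2022-10-01 12:00:05 WARN  http - invalid request, headers=[Host: api.example.test, Authorization: Bearer eyJhbGciOi.constructed.token]",
    "2022-10-01 12:00:09 WARN  http - invalid request, headers=[authorization=Basic Y29uc3RydWN0ZWQ6c2FtcGxl, Accept: */*]",
    "2022-10-01 12:00:12 WARN  http - invalid request, headers=[Authorization: Bearer eyJhbGciOi.constructed.token]",
    "2022-10-01 12:00:15 WARN  pool - connection reset",
]

if __name__ == "__main__":
    for hit in find_leaks(SAMPLE):
        print(hit)
    print(redact(SAMPLE[1]))
```

Any credential whose fingerprint appears in the output should be treated as exposed and rotated, and the affected log files redacted or access-restricted.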
Affected Version(s)
Reactor Netty 1.0.11 to 1.0.23
