Pivotal Reactor Netty
By the Year
In 2026 there have been 0 vulnerabilities in Pivotal Reactor Netty. Reactor Netty did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 0 | 0.00 |
| 2024 | 0 | 0.00 |
| 2023 | 2 | 7.50 |
| 2022 | 1 | 4.30 |
| 2021 | 0 | 0.00 |
| 2020 | 2 | 6.70 |
| 2019 | 1 | 8.60 |
It may take a day or so for new Reactor Netty vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Pivotal Reactor Netty Security Vulnerabilities
Reactor Netty HTTP Server DoS via crafted HTTP requests (before 1.1.13, 1.0.39)
CVE-2023-34054
7.5 - High
- November 28, 2023
In Reactor Netty HTTP Server, versions 1.1.x prior to 1.1.13 and versions 1.0.x prior to 1.0.39, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Specifically, an application is vulnerable if Reactor Netty HTTP Server built-in integration with Micrometer is enabled.
Reactor Netty HTTP <1.1.13: Directory Traversal via crafted URL
CVE-2023-34062
7.5 - High
- November 15, 2023
In Reactor Netty HTTP Server, versions 1.1.x prior to 1.1.13 and versions 1.0.x prior to 1.0.39, a malicious user can send a request using a specially crafted URL that can lead to a directory traversal attack. Specifically, an application is vulnerable if Reactor Netty HTTP Server is configured to serve static resources.
Directory traversal
Reactor Netty 1.0.11 - 1.0.23 Header Log Disclosure of Tokens
CVE-2022-31684
4.3 - Medium
- October 19, 2022
Reactor Netty HTTP Server, in versions 1.0.11 - 1.0.23, may log request headers in some cases of invalid HTTP requests. The logged headers may reveal valid access tokens to those with access to server logs. This may affect only invalid HTTP requests where logging at WARN level is enabled.
Reactor Netty HttpServer, versions 0.9.3 and 0.9.4, is exposed to a URISyntaxException
CVE-2020-5403
7.5 - High
- March 03, 2020
Reactor Netty HttpServer, versions 0.9.3 and 0.9.4, is exposed to a URISyntaxException that causes the connection to be closed prematurely instead of producing a 400 response.
Improper Handling of Exceptional Conditions
The HttpClient from Reactor Netty
CVE-2020-5404
5.9 - Medium
- March 03, 2020
The HttpClient from Reactor Netty, versions 0.9.x prior to 0.9.5, and versions 0.8.x prior to 0.8.16, may be used incorrectly, leading to a credentials leak during a redirect to a different domain. In order for this to happen, the HttpClient must have been explicitly configured to follow redirects.
Insufficiently Protected Credentials
Pivotal Reactor Netty, versions prior to 0.8.11, passes headers through redirects, including authorization ones
CVE-2019-11284
8.6 - High
- October 17, 2019
Pivotal Reactor Netty, versions prior to 0.8.11, passes headers through redirects, including authorization ones. A remote unauthenticated malicious user may gain access to credentials for a different server than they have access to.
Insufficiently Protected Credentials