CVE-2019-11284 (Medium) detected in reactor-netty-0.8.3.RELEASE.jar #68

mend-bolt-for-github · 2019-11-05T05:03:23Z

CVE-2019-11284 - Medium Severity Vulnerability

Vulnerable Library - reactor-netty-0.8.3.RELEASE.jar

Reactive Streams Netty driver

Library home page: https://github.com/reactor/reactor-netty

Path to dependency file: /tmp/ws-scm/spring-boot/spring-boot-project/spring-boot-starters/spring-boot-starter-reactor-netty/pom.xml

Path to vulnerable library: epository/io/projectreactor/netty/reactor-netty/0.8.3.RELEASE/reactor-netty-0.8.3.RELEASE.jar,epository/io/projectreactor/netty/reactor-netty/0.8.3.RELEASE/reactor-netty-0.8.3.RELEASE.jar

Dependency Hierarchy:

❌ reactor-netty-0.8.3.RELEASE.jar (Vulnerable Library)

Found in HEAD commit: ff6239fe2fe61679febdc15a3fd46b7af38e5cfb

Vulnerability Details

Pivotal Reactor Netty, versions prior to 0.8.11, passes headers through redirects, including authorization ones. A remote unauthenticated malicious user may gain access to credentials for a different server than they have access to.

Publish Date: 2019-10-17

URL: CVE-2019-11284

CVSS 2 Score Details (5.0)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11284

Release Date: 2019-10-17

Fix Resolution: 0.8.11

mend-bolt-for-github bot added the security vulnerability Security vulnerability detected by WhiteSource label Nov 5, 2019

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

CVE-2019-11284 (Medium) detected in reactor-netty-0.8.3.RELEASE.jar #68

CVE-2019-11284 (Medium) detected in reactor-netty-0.8.3.RELEASE.jar #68

mend-bolt-for-github bot commented Nov 5, 2019

CVE-2019-11284 (Medium) detected in reactor-netty-0.8.3.RELEASE.jar #68

CVE-2019-11284 (Medium) detected in reactor-netty-0.8.3.RELEASE.jar #68

Comments

mend-bolt-for-github bot commented Nov 5, 2019

CVE-2019-11284 - Medium Severity Vulnerability