admin/cve
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2025-05-28 01:04:30 +00:00
Code Issues Packages Projects Releases Wiki Activity
cve/2022/CVE-2022-31684.md
marc 555e9c7de4 Update Sat May 25 21:48:12 CEST 2024
2024-05-25 21:48:12 +02:00

19 lines
833 B
Markdown
Raw Permalink Blame History

### [CVE-2022-31684](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31684)
![](https://img.shields.io/static/v1?label=Product&message=Reactor%20Netty&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=HTTP%20Server%20may%20log%20request%20headers&color=brighgreen)
### Description
Reactor Netty HTTP Server, in versions 1.0.11 - 1.0.23, may log request headers in some cases of invalid HTTP requests. The logged headers may reveal valid access tokens to those with access to server logs. This may affect only invalid HTTP requests where logging at WARN level is enabled.
### POC
#### Reference
No PoCs from references.
#### Github
- https://github.com/ARPSyndicate/cvemon
- https://github.com/sr-monika/sprint-rest
Reference in New Issue View Git Blame Copy Permalink