CVE-2022-31684

Published: Oct 19, 2022Modified: May 9, 2025

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

Reactor Netty HTTP Server, in versions 1.0.11 - 1.0.23, may log request headers in some cases of invalid HTTP requests. The logged headers may reveal valid access tokens to those with access to server logs. This may affect only invalid HTTP requests where logging at WARN level is enabled.

Affected (1)

Products: Pivotal: Reactor Netty

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Pivotal Reactor Netty	From 1.0.11 to 1.0.23

Related CWEs

Insertion of Sensitive Information into Log File

Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.

References (2)

https://tanzu.vmware.com/security/cve-2022-31684

Source: security@vmware.com

Vendor Advisory

https://tanzu.vmware.com/security/cve-2022-31684

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.