Pivotal Reactor Netty, versions before 0.8.11, passes headers through redirects, including authorization ones. A remote unauthenticated malicious user may gain access to credentials for a different server than they have access to.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
pivotal reactor netty |