Get ahead
VMware offers training and certification to turbo-charge your progress.
Learn moreSpring Security Advisories
CVE-2019-11284: Reactor Netty authentication leak in redirects
Description
Pivotal Reactor Netty, versions prior to 0.8.11, passes headers through redirects, including authorization ones. A remote unauthenticated malicious user may gain access to credentials for a different server than they have access to.
Affected Spring Products and Versions
Mitigation
Credit
History
- 2019-10-11: Initial vulnerability report published.
Reporting a vulnerability
To report a security vulnerability for a project within the Spring portfolio, see the Security Policy
Get support
Tanzu Spring Runtime offers support and binaries for OpenJDK™, Spring, and Apache Tomcat® in one simple subscription.
Learn moreUpcoming events
Check out all the upcoming events in the Spring community.
View all