Description
Pivotal Reactor Netty, versions prior to 0.8.11, passes headers through redirects, including authorization ones. A remote unauthenticated malicious user may gain access to credentials for a different server than they have access to.
Remediation
References
https://pivotal.io/security/cve-2019-11284
Related Vulnerabilities
CVE-2023-37912 Vulnerability in maven package org.xwiki.rendering:xwiki-rendering-macro-footnotes
CVE-2023-40340 Vulnerability in maven package org.jenkins-ci.plugins:nodejs
CVE-2016-3092 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-core
CVE-2020-26217 Vulnerability in maven package org.jvnet.hudson:xstream
CVE-2018-1000170 Vulnerability in maven package org.jenkins-ci.main:jenkins-core