CVE-2022-31684: Reactor Netty HTTP Server may log request headers in some cases of invalid HTTP requests. This may reveal valid access tokens to those with access to server logs.
- In versions 1.0.11 - 1.0.23, it was possible for the HTTP server to stop responding for a few moments when receiving a request for a large file, resulting in a server crash. This may affect only servers with a large number of files.
What to do if you are affected?
- In versions 1.0.6 - 1.0.10, an issue occurred when using a custom HTTP header with an alternative name to the standard "Access-Control-Allow-Headers" header. An unexpected response may be sent to the client that requested the non-standard "Access-Control-Allow-Headers" header.
Varnish config file code
Make sure Varnish is configured to use the cache as a backend.
cache_backend varnish
# In order to improve performance, you must disable keep alive connections on the frontend
frontend http-request set-header X-Accel-Redirect "true"
Timeline
Published on: 10/19/2022 22:15:00 UTC
Last modified on: 10/21/2022 18:08:00 UTC