CVE-2020-5403

HIGH

Pivotal Reactor Netty < 0.9.5 - Improper Exception Handling

Title source: rule

Description

Reactor Netty HttpServer, versions 0.9.3 and 0.9.4, is exposed to a URISyntaxException that causes the connection to be closed prematurely instead of producing a 400 response.

References (1)

[Vendor Advisory] https://pivotal.io/security/cve-2020-5403

Scores

CVSS v3 7.5

EPSS 0.0033

EPSS Percentile 55.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Classification

CWE

CWE-755 CWE-20

Status published

Affected Products (3)

pivotal/reactor_netty

io.projectreactor.netty/reactor-netty-http < 0.9.5Maven

Timeline

Published Mar 03, 2020

Tracked Since Feb 18, 2026