Reactor Netty HttpServer, versions 0.9.3 and 0.9.4, is exposed to a URISyntaxException that causes the connection to be closed prematurely instead of producing a 400 response.

Affected Packages

Maven io.projectreactor.netty:reactor-netty-http

Affected versions: 0.9.3 (fixed in 0.9.5)

Related CVEs

CVE-2020-5403

Key Information

GHSA ID

GHSA-hp5x-rqf7-43vf

Published

February 10, 2022 8:24 PM

Last Modified

September 21, 2022 7:22 PM

CVSS Score

7.5 /10

Primary Ecosystem

Maven

Primary Package

io.projectreactor.netty:reactor-netty-http

GitHub Reviewed

✓ Yes

Dataset

Last updated: July 6, 2025 6:30 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.