
Daniel Spruth

Researcher from Volkswagen Group IT Services GmbH
#40649 of 53,622
6.5 Total CVSS
Vulnerabilities · 1
PT-2020-18460
6.5
2020-03-03
Project Reactor · Reactor Netty Httpclient · CVE-2020-5404
**Name of the Vulnerable Software and Affected Versions**

Reactor Netty HttpClient versions 0.9.x prior to 0.9.5

Reactor Netty HttpClient versions 0.8.x prior to 0.8.16

**Description**

The issue may lead to a credentials leak during a redirect to a different domain if the HttpClient is explicitly configured to follow redirects.

**Recommendations**

For Reactor Netty HttpClient versions 0.9.x prior to 0.9.5, update to version 0.9.5 or later to resolve the issue.

For Reactor Netty HttpClient versions 0.8.x prior to 0.8.16, update to version 0.8.16 or later to resolve the issue.

As a temporary workaround, consider disabling the redirect follow configuration in the HttpClient until a patch is available.