DEV Community

CVE Reports
CVE Reports

Posted on • Originally published at cvereports.com

GHSA-Q6GH-6V2R-HJV3: GHSA-Q6GH-6V2R-HJV3: Cross-Origin Credential Leakage in Micronaut HTTP Client

GHSA-Q6GH-6V2R-HJV3: Cross-Origin Credential Leakage in Micronaut HTTP Client

Vulnerability ID: GHSA-Q6GH-6V2R-HJV3
CVSS Score: 8.8
Published: 2026-07-09

An information disclosure vulnerability exists in the Micronaut Framework's HTTP client components. The client fails to clear sensitive authorization headers and cookies when following redirects across different origins. If an application using the vulnerable client communicates with an endpoint that issues a redirect to an external host, the client will forward the original credentials, leading to potential token theft and session hijacking.

TL;DR

The Micronaut HTTP client fails to strip sensitive headers like Authorization and Cookie during cross-origin redirects, allowing attackers to hijack sessions via open redirects or malicious endpoints.


⚠️ Exploit Status: POC

Technical Details

  • CWE ID: CWE-200 / CWE-522
  • Attack Vector: Network (Cross-Origin Redirects)
  • CVSS Severity Score: 8.8
  • EPSS Score: N/A
  • Exploit Status: PoC available in test suites
  • CISA KEV Status: Not Listed

Affected Systems

  • Micronaut Framework HTTP Client
  • io.micronaut:micronaut-http-client
  • io.micronaut:micronaut-http-client-core
  • micronaut-http-client: < 3.10.4 (Fixed in: 3.10.4)
  • micronaut-http-client-core: < 3.10.4 (Fixed in: 3.10.4)
  • micronaut-http-client: >= 4.0.0, < 4.0.1 (Fixed in: 4.0.1)

Code Analysis

Commit: 64e5397

Strip cross-origin headers during redirects in Micronaut Core 3.x

Commit: 70cab4b

Fix credential leaks across domains in Micronaut Core 4.x

Commit: 9770328

Refactor redirect header filter mechanisms in Netty-based client

Mitigation Strategies

  • Upgrade Micronaut Core framework to a patched release
  • Disable automatic HTTP redirect following in application configurations
  • Explicitly configure custom security headers to be filtered during redirects

Remediation Steps:

  1. Identify all service dependencies relying on io.micronaut:micronaut-http-client or io.micronaut:micronaut-http-client-core
  2. Update build configuration files (pom.xml or build.gradle) to reference the patched versions of Micronaut
  3. Review application configurations (application.yml or application.properties) and ensure custom API token headers are added to the cross-origin filter list

References


Read the full report for GHSA-Q6GH-6V2R-HJV3 on our website for more details including interactive diagrams and full exploit analysis.

Top comments (0)