Skip to main content
Press slash or control plus K to focus the search. Use the arrow keys to navigate results and press enter to open a threat.
Reconnecting to live updates…

GHSA-q6gh-6v2r-hjv3: Micronaut: DefaultHttpClient follows redirects, forwarding Authorization, Cookie, and Proxy-Authorization headers

0
Medium
Published: 07/09/2026 (07/09/2026, 13:36:56 UTC)
Source: GCVE Database
Product: io.micronaut:micronaut-http-client

Description

The Micronaut DefaultHttpClient component improperly forwards sensitive headers such as Authorization, Cookie, and Proxy-Authorization to redirect targets across different domains. Additionally, it lacks a maximum redirect count, allowing potential infinite redirect loops causing denial of service. This behavior affects versions prior to patched releases in Micronaut 3, 4, and 5.

CVSS v3.1

Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
None
Availability
None
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N

Affected software

Mavenghsa
io.micronaut:micronaut-http-client
Affected versions
>=1.2.8 <3.10.6
Mavenghsa
io.micronaut:micronaut-http-client
Affected versions
>=4.0.0-M1 <4.10.24
Mavenghsa
io.micronaut:micronaut-http-client
Affected versions
>=5.0.0-M1 <5.0.1

Run on your own infrastructure? Check whether these packages are installed with threat-finder — our free open-source scanner.

AI-Powered Analysis

Machine-generated threat intelligence

AILast updated: 07/09/2026, 14:03:25 UTC

Technical Analysis

The vulnerability in Micronaut's DefaultHttpClient causes it to follow HTTP redirects while forwarding sensitive headers (Authorization, Cookie, Proxy-Authorization) to redirect targets even across domain boundaries. The implemented blocklist only filters certain headers (Host, Connection, TE, CT, CL), which is insufficient to prevent leakage of sensitive credentials. Furthermore, the client does not enforce a maximum redirect count, enabling attackers to trigger infinite redirect loops leading to denial of service. The issue affects DefaultHttpClient.java in specified lines and has been addressed by stripping sensitive headers on cross-domain redirects in patched versions of Micronaut 3.10.6 and later, 4.10.24 and later, and 5.0.1 and later.

Potential Impact

Sensitive authentication headers can be leaked to unintended domains during HTTP redirects, potentially exposing credentials or session tokens. The lack of a maximum redirect count allows attackers to cause infinite redirect loops, resulting in denial of service conditions. The vulnerability does not impact data integrity or availability beyond the described denial of service and confidentiality risks.

Mitigation Recommendations

Official patches are available and should be applied to remediate this vulnerability. Upgrade to Micronaut versions 3.10.6 or later, 4.10.24 or later, or 5.0.1 or later, depending on your major version. No workarounds are provided. Applying these updates will ensure sensitive headers are stripped on cross-domain redirects and that redirect loops are prevented by enforcing a maximum redirect count.

Pro Console: star threats, build custom feeds, automate alerts via Slack, email & webhooks.Upgrade to Pro

Technical Details

Gcve Source
db.gcve.eu
Osv Id
GHSA-q6gh-6v2r-hjv3
Osv Schema Version
1.4.0
Aliases
[]
Ecosystems
["Maven"]
Database Specific Severity
MODERATE
Cvss Version
3.1

Threat ID: 6a4fa9a168715ace437d3dd8

Added to database: 07/09/2026, 14:01:05 UTC

Last enriched: 07/09/2026, 14:03:25 UTC

Last updated: 07/09/2026, 18:17:32 UTC

Views: 9

Community Reviews

0 reviews

Crowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.

Sort by
Loading community insights…

Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.

Actions

PRO

Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.

Please log in to the Console to use AI analysis features.

Need more coverage?

Upgrade to Pro Console for AI refresh and higher limits.

For incident response and remediation, OffSeq services can help resolve threats faster.

Latest Threats

Breach by OffSeqOFFSEQFRIENDS — 25% OFF

Check if your credentials are on the dark web

Instant breach scanning across billions of leaked records. Free tier available.

Scan now
OffSeq TrainingCredly Certified

Lead Pen Test Professional

Technical5-day eLearningPECB Accredited
View courses