{"uuid": "ffe11cd3-0ed2-47c7-88b2-649abaedd1df", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "GHSA-Q6GH-6V2R-HJV3", "type": "seen", "source": "https://gist.github.com/alon710/805d83c19fb4133434081d0b062a387f", "content": "# GHSA-Q6GH-6V2R-HJV3: GHSA-Q6GH-6V2R-HJV3: Cross-Origin Credential Leakage in Micronaut HTTP Client\n\n&gt; **CVSS Score:** 8.8\n&gt; **Published:** 2026-07-09\n&gt; **Full Report:** https://cvereports.com/reports/GHSA-Q6GH-6V2R-HJV3\n\n## Summary\nAn information disclosure vulnerability exists in the Micronaut Framework's HTTP client components. The client fails to clear sensitive authorization headers and cookies when following redirects across different origins. If an application using the vulnerable client communicates with an endpoint that issues a redirect to an external host, the client will forward the original credentials, leading to potential token theft and session hijacking.\n\n## TL;DR\nThe Micronaut HTTP client fails to strip sensitive headers like Authorization and Cookie during cross-origin redirects, allowing attackers to hijack sessions via open redirects or malicious endpoints.\n\n## Exploit Status: POC\n\n## Technical Details\n\n- **CWE ID**: CWE-200 / CWE-522\n- **Attack Vector**: Network (Cross-Origin Redirects)\n- **CVSS Severity Score**: 8.8\n- **EPSS Score**: N/A\n- **Exploit Status**: PoC available in test suites\n- **CISA KEV Status**: Not Listed\n\n## Affected Systems\n\n- Micronaut Framework HTTP Client\n- io.micronaut:micronaut-http-client\n- io.micronaut:micronaut-http-client-core\n- **micronaut-http-client**: &lt; 3.10.4 (Fixed in: `3.10.4`)\n- **micronaut-http-client-core**: &lt; 3.10.4 (Fixed in: `3.10.4`)\n- **micronaut-http-client**: &gt;= 4.0.0, &lt; 4.0.1 (Fixed in: `4.0.1`)\n\n## Mitigation\n\n- Upgrade Micronaut Core framework to a patched release\n- Disable automatic HTTP redirect following in application configurations\n- Explicitly configure custom security headers to be filtered during redirects\n\n**Remediation Steps:**\n1. Identify all service dependencies relying on io.micronaut:micronaut-http-client or io.micronaut:micronaut-http-client-core\n2. Update build configuration files (pom.xml or build.gradle) to reference the patched versions of Micronaut\n3. Review application configurations (application.yml or application.properties) and ensure custom API token headers are added to the cross-origin filter list\n\n## References\n\n- [Micronaut Core 3.x Commit Fix](https://github.com/micronaut-projects/micronaut-core/commit/64e539736b8168f201d868b02ace50fe14f57418)\n- [Micronaut Core 4.x Commit Fix (1)](https://github.com/micronaut-projects/micronaut-core/commit/70cab4b44fbf985faba2846091f2356b5bd70719)\n- [Micronaut Core 4.x Commit Fix (2)](https://github.com/micronaut-projects/micronaut-core/commit/9770328999f490bdfbb9e25addd45bf73d4a173a)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/GHSA-Q6GH-6V2R-HJV3) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-07-09T16:41:48.852694Z"}