An issue was discovered in Qt before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. Qt Network incorrectly parses the strict-transport-security (HSTS) header, allowing unencrypted connections to be established, even when explicitly prohibited by the server. This happens if the case used for this header does not exactly match.
CPE | Name | Operator | Version |
---|---|---|---|
qtbase | eq | 5.11.0-beta3 | |
qtbase | eq | 5.0.0-beta2 | |
qtbase | eq | 5.4.0-beta1 | |
qtbase | eq | 5.4.0-alpha1 | |
qtbase | eq | 5.6.0-beta1 | |
qtbase | eq | 5.13.0-rc1 | |
qtbase | eq | 5.0.2 | |
qtbase | eq | 5.6.0 | |
qtbase | eq | 5.15.0-alpha1 | |
qtbase | eq | 5.14.0-beta3 |