Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Http-Client Security Vulnerabilities

cve
cve

CVE-2016-6286

The "spiffy-cgi-handlers" egg would convert a nonexistent "Proxy" header to the HTTP_PROXY environment variable, which would allow attackers to direct CGI programs which use this environment variable to use an attacker-specified HTTP proxy server (also known as a "httpoxy" attack). This affects all...

7.5CVSS

7.4AI Score

0.001EPSS

2017-01-10 03:59 PM
24
cve
cve

CVE-2016-6287

The "http-client" egg always used a HTTP_PROXY environment variable to determine whether HTTP traffic should be routed via a proxy, even when running as a CGI process. Under several web servers this would mean a user-supplied "Proxy" header could allow an attacker to direct all HTTP requests throug...

7.5CVSS

7.3AI Score

0.001EPSS

2017-01-10 03:59 PM
14
cve
cve

CVE-2020-11021

Actions Http-Client (NPM @actions/http-client) before version 1.0.8 can disclose Authorization headers to incorrect domain in certain redirect scenarios. The conditions in which this happens are if consumers of the http-client: 1. make an http request with an authorization header 2. that request le...

7.5CVSS

7.2AI Score

0.002EPSS

2020-04-29 06:15 PM
28