Lucene search

88 matches found

ATTACKERKB
added 2026/01/19 12:0 a.m. · 5 views

CVE-2026-22797

An issue was discovered in OpenStack keystonemiddleware 10.5 through 10.7 before 10.7.2, 10.8 and 10.9 before 10.9.1, and 10.10 through 10.12 before 10.12.1. The external_oauth2_token middleware fails to sanitize incoming authentication headers before processing OAuth 2.0 tokens. By sending forged...

CVSS 9.9 · AI score 5.4 · EPSS 0.00453
Exploits 0 · References 3 · Affected Software 1

CNNVD
added 2026/01/19 12:0 a.m. · 3 views

OpenStack Keystone Middleware security vulnerabilities

OpenStack Keystone Middleware is a core authentication component of the OpenStack open-source project. Vulnerabilities exist in versions prior to 10.7.2, 10.9.1, and 10.12.1 of OpenStack Keystone Middleware. These vulnerabilities stem from unsanitized authentication headers, which may lead to...

CVSS 9.9 · AI score 5.8 · EPSS 0.00453
Exploits 0 · References 6

CVE
added 2026/01/19 12:0 a.m. · 29 views

CVE-2026-22797

CVE-2026-22797 : OpenStack keystonemiddleware vulnerable to header sanitization flaw in external_oauth2_token middleware. Attackers can forge identity headers (X-Is-Admin-Project, X-Roles, X-User-Id) to escalate privileges or impersonate other users, impacting all deployments using this middlewar...

CVSS 9.9 · AI score 5.5 · EPSS 0.00453
Exploits 0 · References 6

EUVD
added 2025/10/07 12:30 a.m. · 4 views

EUVD-2015-5901

Malware in sbrugna...

CVSS 5 · AI score 6.4 · EPSS 0.01093
Exploits 0 · References 2

EUVD
added 2025/10/07 12:30 a.m. · 5 views

EUVD-2021-0098

Malware in sbrugna...

CVSS 7.5 · AI score 7.6 · EPSS 0.03876
Exploits 1 · References 11

EUVD
added 2025/10/07 12:30 a.m. · 6 views

EUVD-2021-21876

Malware in sbrugna...

CVSS 5.3 · AI score 5.6 · EPSS 0.00929
Exploits 0 · References 3

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2024-0479

Malicious code in bioql PyPI...

CVSS 4.5 · AI score 6.2 · EPSS 0.00765
Exploits 0 · References 10

CNNVD
added 2025/06/11 12:0 a.m. · 3 views

Google Go security vulnerability

Google Go is a statically and strongly typed, compiled, concurrent, garbage-collected programming language from Google (USA). A security vulnerability exists in Google Go that stems from Proxy-Authorization and Proxy-Authenticate header persistence, which could lead to the disclosure of sensitive...

CVSS 6.8 · AI score 6 · EPSS 0.0056
Exploits 0 · References 6

OSV
added 2025/05/07 12:18 p.m. · 5 views

USN-7490-3 libsoup3 vulnerabilities

USN-7490-1 fixed vulnerabilities in libsoup2.4. This update provides the corresponding updates for libsoup3. Original advisory details: Tan Wei Chong discovered that libsoup incorrectly handled memory when parsing HTTP request headers. An attacker could possibly use this issue to send a malicious...

CVSS 9 · AI score 7.2 · EPSS 0.00798
Exploits 0 · References 10

Ubuntu
added 2025/05/06 1:12 p.m. · 58 views

USN-7490-1: libsoup vulnerabilities

Tan Wei Chong discovered that libsoup incorrectly handled memory when parsing HTTP request headers. An attacker could possibly use this issue to send a maliciously crafted HTTP request to the server, causing a denial of service. CVE-2025-32906 Alon Zahavi discovered that libsoup incorrectly parse...

CVSS 9 · AI score 6.9 · EPSS 0.00798
Exploits 0

OSV
added 2025/05/06 1:12 p.m. · 1 views

USN-7490-1 libsoup2.4 vulnerabilities

Tan Wei Chong discovered that libsoup incorrectly handled memory when parsing HTTP request headers. An attacker could possibly use this issue to send a maliciously crafted HTTP request to the server, causing a denial of service. CVE-2025-32906 Alon Zahavi discovered that libsoup incorrectly parse...

CVSS 9 · AI score 7.1 · EPSS 0.00798
Exploits 0 · References 10

Vulnrichment
added 2025/03/30 5:49 a.m. · 8 views

CVE-2025-1736 Stream HTTP wrapper header check might omit basic auth header

In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when user-supplied headers are sent, the insufficient validation of the end-of-line characters may prevent certain headers from being sent or lead to certain headers being misinterpreted...

CVSS 6.3 · AI score 6.4 · EPSS 0.00511
Exploits 0 · References 1

OSV
added 2024/08/15 5:15 p.m. · 2 views

CVE-2024-40704

IBM InfoSphere Information Server 11.7 could allow a privileged user to obtain sensitive information from authentication request headers. IBM X-Force ID: 298277...

CVSS 4.9 · AI score 5.8 · EPSS 0.0063
Exploits 0 · References 2

CNNVD
added 2024/08/15 12:0 a.m. · 3 views

IBM InfoSphere Information Server security vulnerability

IBM InfoSphere Information Server is a set of data integration platforms from International Business Machines (IBM). The platform can be used to integrate data obtained from various sources. An information disclosure vulnerability exists in IBM InfoSphere Information Server version 11.7...

CVSS 4.9 · AI score 6 · EPSS 0.0063
Exploits 0 · References 3

RedHat Linux
added 2024/06/13 11:2 a.m. · 1 views

follow-redirects: Possible credential leak

A vulnerability was found in the follow-redirects package. While processing the cross-domain redirection, follow-redirects clears authorization headers, however, it misses clearing proxy-authentication headers, which contain credentials as well. This issue may lead to credential leaking, having a...

CVSS 6.5 · AI score 7.3 · EPSS 0.01044
Exploits 1 · References 5

RedHat Linux
added 2024/06/03 11:52 a.m. · 3 views

follow-redirects: Possible credential leak

A vulnerability was found in the follow-redirects package. While processing the cross-domain redirection, follow-redirects clears authorization headers, however, it misses clearing proxy-authentication headers, which contain credentials as well. This issue may lead to credential leaking, having a...

CVSS 6.5 · AI score 7.3 · EPSS 0.01044
Exploits 1 · References 5

SUSE CVE
added 2024/02/17 3:21 a.m. · 2 views

SUSE CVE-2024-24758

Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici already cleared Authorization headers on cross-origin redirects, but did not clear Proxy-Authentication headers. This issue has been patched in versions 5.28.3 and 6.6.1. Users are advised to upgrade. There are no known...

CVSS 3.9 · AI score 8.6 · EPSS 0.00765
Exploits 0 · References 9

OSV
added 2024/02/16 10:15 p.m. · 2 views

UBUNTU-CVE-2024-24758

Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici already cleared Authorization headers on cross-origin redirects, but did not clear Proxy-Authentication headers. This issue has been patched in versions 5.28.3 and 6.6.1. Users are advised to upgrade. There are no known...

CVSS 4.5 · AI score 6.8 · EPSS 0.00765
Exploits 0 · References 7

OSV
added 2024/02/16 9:40 p.m. · 36 views

CVE-2024-24758 Proxy-Authorization header not cleared on cross-origin redirect in fetch in Undici

Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici already cleared Authorization headers on cross-origin redirects, but did not clear Proxy-Authentication headers. This issue has been patched in versions 5.28.3 and 6.6.1. Users are advised to upgrade. There are no known...

CVSS 3.9 · AI score 6.2 · EPSS 0.00765
Exploits 0 · References 6

Positive Technologies
added 2024/02/05 12:0 a.m. · 4 views

PT-2024-2689 · Node.Js +4 · Undici +4

Name of the Vulnerable Software and Affected Versions: Undici versions prior to 5.28.3 Undici versions prior to 6.6.1 Description: The issue is related to insufficient protection of service data due to incorrect clearing of Proxy-Authentication headers in the Undici HTTP/1.1 client for Node.js...

CVSS 9.8 · AI score 6.3 · EPSS 0.87211
Exploits 4 · References 115