GHSA-3X9G-8VMP-WQVF Tornado: Authorization header forwarded across cross-origin redirects in SimpleAsyncHTTPClient

Summary When SimpleAsyncHTTPClient follows a 3xx redirect, it shallow-copies the original HTTPRequest, rewrites the URL, decrements maxredirects, and removes only the Host header. It does not clear Authorization, authusername, authpassword, or authmode when the redirect target changes origin. As ...

Tornado: Authorization header forwarded across cross-origin redirects in SimpleAsyncHTTPClient

Summary When SimpleAsyncHTTPClient follows a 3xx redirect, it shallow-copies the original HTTPRequest, rewrites the URL, decrements maxredirects, and removes only the Host header. It does not clear Authorization, authusername, authpassword, or authmode when the redirect target changes origin. As ...

GHSA-QXH6-94W6-9R5P @angular/service-worker: Sensitive Header Leakage on Cross-Origin Redirects in Angular Service Worker

An information disclosure vulnerability exists in the @angular/service-worker package of the Angular framework. When the Service Worker fetches assets, it preserves metadata such as headers from the original request. However, on cross-origin redirects, the Service Worker fails to strip sensitive...

CVE-2026-12200 Ritlabs TinyWeb Server Header libeay32.dll.html stack-based overflow

A security vulnerability has been detected in Ritlabs TinyWeb Server up to 1.94 on Win32. This impacts an unknown function in the library libeay32.dll.html of the component Header Handler. The manipulation of the argument Authorization leads to stack-based buffer overflow. The attack can be...

PT-2026-49580

An information disclosure vulnerability exists in the @angular/service-worker package of the Angular framework. When the Service Worker fetches assets, it preserves metadata such as headers from the original request. However, on cross-origin redirects, the Service Worker fails to strip sensitive...

SUSE CVE-2026-48856

Sensitive Data Exposure vulnerability in Erlang OTP inets httpcresponse module allows Retrieve Embedded Sensitive Data. The httpc client forwards the Authorization and Proxy-Authorization request headers to redirect targets without checking whether the redirect crosses an origin boundary...

CVE-2026-44486

Axios (Node.js) prior to 0.32.0 and 1.16.0 is vulnerable to leaking Proxy-Authorization credentials to a redirect target when using an authenticated proxy and automatic redirects. If a request uses a proxy and follows a redirect that switches to a direct connection, a stale Proxy-Authorization he...

CVE-2026-44486 Axios: Proxy-Authorization header leaks to redirect target when proxy is re-evaluated to direct connection

Axios is a promise based HTTP client for the browser and Node.js. Prior to 0.32.0 and 1.16.0, Axios’ Node.js HTTP adapter can leak proxy credentials to a redirect target in affected versions. When a request is sent through an authenticated proxy, Axios may add a Proxy-Authorization header. If Axi...

CVE-2026-44489 Axios: Proxy-Authorization Header Injection via Prototype Pollution — Incomplete Null-Prototype Fix

Axios is a promise based HTTP client for the browser and Node.js. From 1.15.2 to before 1.16.0, nested objects created by utils.merge e.g., config.proxy are still constructed as plain with Object.prototype in their chain. The setProxy function at lib/adapters/http.js:209-223 reads proxy.username,...

CVE-2026-44489 Axios: Proxy-Authorization Header Injection via Prototype Pollution — Incomplete Null-Prototype Fix

Axios is a promise based HTTP client for the browser and Node.js. From 1.15.2 to before 1.16.0, nested objects created by utils.merge e.g., config.proxy are still constructed as plain with Object.prototype in their chain. The setProxy function at lib/adapters/http.js:209-223 reads proxy.username,...

CVE-2026-44489

Axios version range 1.15.2–1.15.x is vulnerable to a header injection via the Proxy-Authorization header. The root cause is that nested objects created by utils.merge() (e.g., config.proxy) retain plain {} with Object.prototype in their chain, and setProxy() in lib/adapters/http.js (lines ~209–22...

CVE-2026-5078

A flaw was found in the morgan HTTP request logging middleware versions 1.2.0 through 1.10.1. The :remote-user token writes the Basic auth username to access logs without neutralizing CR/LF control characters. An unauthenticated remote attacker can inject forged log lines via a crafted...

keycloak: Keycloak: Denial of Service via malformed Authorization header

A flaw was found in Keycloak's ClientRegistrationAuth component. A remote unauthenticated attacker can exploit this vulnerability by sending a specially crafted POST request with a malformed 'Authorization: Bearer' header to any client registration endpoint. This can lead to an...

CVE-2026-48856

Sensitive Data Exposure vulnerability in Erlang OTP inets httpcresponse module allows Retrieve Embedded Sensitive Data. The httpc client forwards the Authorization and Proxy-Authorization request headers to redirect targets without checking whether the redirect crosses an origin boundary...

EEF-CVE-2026-48856 httpc leaks Authorization header to cross-origin redirect targets

Summary Sensitive Data Exposure vulnerability in Erlang OTP inets httpc\response module allows Retrieve Embedded Sensitive Data. The httpc client forwards the Authorization and Proxy-Authorization request headers to redirect targets without checking whether the redirect crosses an origin boundary...

CVE-2026-48856 httpc leaks Authorization header to cross-origin redirect targets

Sensitive Data Exposure vulnerability in Erlang OTP inets httpcresponse module allows Retrieve Embedded Sensitive Data. The httpc client forwards the Authorization and Proxy-Authorization request headers to redirect targets without checking whether the redirect crosses an origin boundary...

EUVD-2026-36058

Sensitive Data Exposure vulnerability in Erlang OTP inets httpcresponse module allows Retrieve Embedded Sensitive Data. The httpc client forwards the Authorization and Proxy-Authorization request headers to redirect targets without checking whether the redirect crosses an origin boundary...

CVE-2026-48856

This CVE affects Erlang OTP inets (httpc_response) where cross-origin 3xx redirects copy Authorization and Proxy-Authorization headers to the redirect target, enabling credential theft. Root cause: httpc_response:redirect/2 only updates the host field; other header fields are copied, with autored...

Erlang/OTP 输入验证错误漏洞

Erlang/OTP is an open-source JavaScript library for handling exceptions. This library can catch exceptions caused by Node.js’s built-in APIs. Versions of Erlang/OTP between 5.10 and 9.7.1, 9.6.2.2, and 9.3.2.6 have a vulnerability related to input validation errors. This vulnerability arises...

PT-2026-48464

Summary Sensitive Data Exposure vulnerability in Erlang OTP inets httpc response module allows Retrieve Embedded Sensitive Data. The httpc client forwards the Authorization and Proxy-Authorization request headers to redirect targets without checking whether the redirect crosses an origin boundary...