3 matches found
CVE-2026-34518
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, when following redirects to a different origin, aiohttp drops the Authorization header, but retains the Cookie and Proxy-Authorization headers. This issue has been patched in version 3.13.4...
PT-2025-12455
Name of the Vulnerable Software and Affected Versions golang-jwt versions prior to 4.5.2 golang-jwt versions prior to 5.2.2 Description The issue affects the parse.ParseUnverified function, which splits untrusted data on periods. This can lead to allocations of On bytes when faced with a maliciou...
SUSE-SU-2020:1792-1 Security update for python3-requests
This update for python3-requests provides the following fix: python-requests was updated to 2.20.1. Update to version 2.20.1: Fixed bug with unintended Authorization header stripping for redirects using default ports http/80, https/443. Update to version 2.20.0: Bugfixes + Content-Type header...