Lucene search
K

5 matches found

OSV
OSV
added 2022/06/09 11:47 p.m.48 views

GHSA-F2WF-25XC-69C9 Failure to strip the Cookie header on change in host or HTTP downgrade

Impact Cookie headers on requests are sensitive information. On making a request using the https scheme to a server which responds with a redirect to a URI with the http scheme, or on making a request to a server which responds with a redirect to a a URI to a different host, we should not forward...

7.5CVSS7.5AI score0.0182EPSS
Exploits0References8
OSV
OSV
added 2022/06/09 11:47 p.m.34 views

GHSA-W248-FFJ2-4V5Q Fix failure to strip Authorization header on HTTP downgrade

Impact Authorization headers on requests are sensitive information. On making a request using the https scheme to a server which responds with a redirect to a URI with the http scheme, we should not forward the Authorization header on. This is much the same as to how we don't forward on the heade...

7.5CVSS7.4AI score0.0182EPSS
Exploits0References8
Github Security Blog
Github Security Blog
added 2022/06/09 11:47 p.m.43 views

Fix failure to strip Authorization header on HTTP downgrade

Impact Authorization headers on requests are sensitive information. On making a request using the https scheme to a server which responds with a redirect to a URI with the http scheme, we should not forward the Authorization header on. This is much the same as to how we don't forward on the heade...

7.5CVSS7.3AI score0.0182EPSS
Exploits0References8Affected Software1
Friends Of PHP
Friends Of PHP
added 2022/06/09 9:36 p.m.25 views

Failure to strip the Cookie header on change in host or HTTP downgrade

Impact Cookie headers on requests are sensitive information. On making a request using the https scheme to a server which responds with a redirect to a URI with the http scheme, or on making a request to a server which responds with a redirect to a a URI to a different host, we should not forward...

7.5CVSS7.5AI score0.0182EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2022/06/09 12:0 a.m.3 views

PT-2022-3247 · Guzzle +1 · Guzzle +1

Name of the Vulnerable Software and Affected Versions: Guzzle versions prior to 6.5.7 Guzzle versions prior to 7.4.4 Description: The Cookie headers on requests are sensitive information. When making a request using the https scheme to a server that responds with a redirect to a URI with the http...

8.1CVSS5.9AI score0.0182EPSS
Exploits3References62
Rows per page
Query Builder