5 matches found
GHSA-F2WF-25XC-69C9 Failure to strip the Cookie header on change in host or HTTP downgrade
Impact Cookie headers on requests are sensitive information. On making a request using the https scheme to a server which responds with a redirect to a URI with the http scheme, or on making a request to a server which responds with a redirect to a a URI to a different host, we should not forward...
GHSA-W248-FFJ2-4V5Q Fix failure to strip Authorization header on HTTP downgrade
Impact Authorization headers on requests are sensitive information. On making a request using the https scheme to a server which responds with a redirect to a URI with the http scheme, we should not forward the Authorization header on. This is much the same as to how we don't forward on the heade...
Fix failure to strip Authorization header on HTTP downgrade
Impact Authorization headers on requests are sensitive information. On making a request using the https scheme to a server which responds with a redirect to a URI with the http scheme, we should not forward the Authorization header on. This is much the same as to how we don't forward on the heade...
Failure to strip the Cookie header on change in host or HTTP downgrade
Impact Cookie headers on requests are sensitive information. On making a request using the https scheme to a server which responds with a redirect to a URI with the http scheme, or on making a request to a server which responds with a redirect to a a URI to a different host, we should not forward...
PT-2022-3247 · Guzzle +1 · Guzzle +1
Name of the Vulnerable Software and Affected Versions: Guzzle versions prior to 6.5.7 Guzzle versions prior to 7.4.4 Description: The Cookie headers on requests are sensitive information. When making a request using the https scheme to a server that responds with a redirect to a URI with the http...