9 matches found
EUVD-2024-0479
Malicious code in bioql PyPI...
Google Go 安全漏洞
Google Go is a static strongly typed, compiled, concatenated, and garbage-collected programming language from Google USA. A security vulnerability exists in Google Go that stems from Proxy-Authorization and Proxy-Authenticate header persistence, which could lead to the disclosure of sensitive...
follow-redirects: Possible credential leak
A vulnerability was found in the follow-redirects package. While processing the cross-domain redirection, follow-redirects clears authorization headers, however, it misses clearing proxy-authentication headers, which contain credentials as well. This issue may lead to credential leaking, having a...
follow-redirects: Possible credential leak
A vulnerability was found in the follow-redirects package. While processing the cross-domain redirection, follow-redirects clears authorization headers, however, it misses clearing proxy-authentication headers, which contain credentials as well. This issue may lead to credential leaking, having a...
SUSE CVE-2024-24758
Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici already cleared Authorization headers on cross-origin redirects, but did not clear Proxy-Authentication headers. This issue has been patched in versions 5.28.3 and 6.6.1. Users are advised to upgrade. There are no known...
UBUNTU-CVE-2024-24758
Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici already cleared Authorization headers on cross-origin redirects, but did not clear Proxy-Authentication headers. This issue has been patched in versions 5.28.3 and 6.6.1. Users are advised to upgrade. There are no known...
CVE-2024-24758 Proxy-Authorization header not cleared on cross-origin redirect in fetch in Undici
Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici already cleared Authorization headers on cross-origin redirects, but did not clear Proxy-Authentication headers. This issue has been patched in versions 5.28.3 and 6.6.1. Users are advised to upgrade. There are no known...
PT-2024-2689 · Node.Js +4 · Undici +4
Name of the Vulnerable Software and Affected Versions: Undici versions prior to 5.28.3 Undici versions prior to 6.6.1 Description: The issue is related to insufficient protection of service data due to incorrect clearing of Proxy-Authentication headers in the Undici HTTP/1.1 client for Node.js...
FreeBSD : privoxy -- malicious server spoofing as proxy vulnerability (ad82b0e9-c3d6-11e5-b5fe-002590263bf5)
Privoxy Developers reports : Proxy authentication headers are removed unless the new directive enable-proxy-authentication-forwarding is used. Forwarding the headers potentially allows malicious sites to trick the user into providing them with login information. Reported by Chris John Riley...