309 matches found
Security Bulletin: Vulnerability in Node.js affects IBM watsonx.data
Summary Node.js follow-redirects module could allow a remote authenticated attacker to obtain sensitive information, caused by the leakage of credentials when clearing authorization header during cross-domain redirect, but keeping the proxy-authentication header. An attacker could exploit this...
CLSA-2024-1723795173 wget: Fix of CVE-2024-38428
CVE-2024-38428: properly re-implement userinfo parsing rfc2396 - Fix wget Test-proxied-https-auth.px and Test-proxied-https-auth.px tests failing - Providing wget -O and -q parameters while running in background generates a wget-log file...
follow-redirects: Possible credential leak
A vulnerability was found in the follow-redirects package. While processing the cross-domain redirection, follow-redirects clears authorization headers, however, it misses clearing proxy-authentication headers, which contain credentials as well. This issue may lead to credential leaking, having a...
follow-redirects: Possible credential leak
A vulnerability was found in the follow-redirects package. While processing the cross-domain redirection, follow-redirects clears authorization headers, however, it misses clearing proxy-authentication headers, which contain credentials as well. This issue may lead to credential leaking, having a...
The vulnerability in the HTTP/1.1 client of the Node.js software platform arises from insufficient protection of service data due to improper cleaning of Proxy-Authentication headers. This allows attackers to enhance their privileges.
The vulnerability of the HTTP/1.1 Undici software platform for Node.js is related to insufficient protection of service data due to improper cleaning of Proxy-Authentication headers. Exploiting this vulnerability can allow a remote attacker to increase their privileges...
Medium: nodejs
Issue Overview: NOTE: https://nodejs.org/en/blog/release/v18.19.1 NOTE: https://github.com/nodejs/node/commit/f31d47e135973746c4f490d5eb635eded8bb3dda v18.x NOTE: https://github.com/nodejs/node/commit/9052ef43dc2d1b0db340591a9bc9e45a25c01d90 main CVE-2024-22025 Undici is an HTTP/1.1 client, writt...
Credential Leakage
follow-redirects is vulnerable to Credential Leakage. The vulnerability is due to insufficient redaction of the proxy-authentication header when handing requests. If an attacker can trigger a cross domain redirect, they can capture the request header containing the sensitive proxy-auth header,...
DEBIAN-CVE-2024-28849
follow-redirects is an open source, drop-in replacement for Node's http and https modules that automatically follows redirects. In affected versions follow-redirects only clears authorization header during cross-domain redirect, but keep the proxy-authentication header which contains credentials...
AZL-44493 CVE-2024-28849 affecting package js-jquery 3.5.0-4
follow-redirects is an open source, drop-in replacement for Node's http and https modules that automatically follows redirects. In affected versions follow-redirects only clears authorization header during cross-domain redirect, but keep the proxy-authentication header which contains credentials...
AZL-43861 CVE-2024-28849 affecting package js-jquery 3.5.0-4
follow-redirects is an open source, drop-in replacement for Node's http and https modules that automatically follows redirects. In affected versions follow-redirects only clears authorization header during cross-domain redirect, but keep the proxy-authentication header which contains credentials...
UBUNTU-CVE-2024-28849
follow-redirects is an open source, drop-in replacement for Node's http and https modules that automatically follows redirects. In affected versions follow-redirects only clears authorization header during cross-domain redirect, but keep the proxy-authentication header which contains credentials...
CVE-2024-28849
follow-redirects is an open source, drop-in replacement for Node's http and https modules that automatically follows redirects. In affected versions follow-redirects only clears authorization header during cross-domain redirect, but keep the proxy-authentication header which contains credentials...
Follow Redirects Information Disclosure Vulnerability
Follow Redirects is a Node.js module that automatically follows Https redirects. An information disclosure vulnerability exists in versions of Follow Redirects prior to 1.15.6, which stems from the fact that follow-redirects only clears the authorization header during cross-domain redirects and...
PT-2024-2572
Name of the Vulnerable Software and Affected Versions follow-redirects versions prior to 1.15.6 Description The issue is related to insufficient protection of sensitive data in the follow-redirects module, which is a drop-in replacement for Node's http and https modules. This module automatically...
Proxy-Authentication Header Leakage
Undici is vulnerable to Proxy-Authentication header leakage. The vulnerability is due to not clearing Proxy-Authentication headers on cross-origin redirects. Attackers could potentially exploit this vulnerability to gain unauthorized access or obtain sensitive data transmitted via these headers,...
CVE-2024-24758
A sensitive information exposure vulnerability was found in undici. In this issue, it cleared Authorization headers on cross-origin redirects but did not clear the Proxy-Authentication headers...
SUSE CVE-2024-24758
Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici already cleared Authorization headers on cross-origin redirects, but did not clear Proxy-Authentication headers. This issue has been patched in versions 5.28.3 and 6.6.1. Users are advised to upgrade. There are no known...
DEBIAN-CVE-2024-24758
Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici already cleared Authorization headers on cross-origin redirects, but did not clear Proxy-Authentication headers. This issue has been patched in versions 5.28.3 and 6.6.1. Users are advised to upgrade. There are no known...
AZL-35045 CVE-2024-24758 affecting package nodejs for versions less than 20.14.0-1
Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici already cleared Authorization headers on cross-origin redirects, but did not clear Proxy-Authentication headers. This issue has been patched in versions 5.28.3 and 6.6.1. Users are advised to upgrade. There are no known...
UBUNTU-CVE-2024-24758
Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici already cleared Authorization headers on cross-origin redirects, but did not clear Proxy-Authentication headers. This issue has been patched in versions 5.28.3 and 6.6.1. Users are advised to upgrade. There are no known...