Lucene search
K

309 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2024/09/25 6:54 p.m.17 views

Security Bulletin: Vulnerability in Node.js affects IBM watsonx.data

Summary Node.js follow-redirects module could allow a remote authenticated attacker to obtain sensitive information, caused by the leakage of credentials when clearing authorization header during cross-domain redirect, but keeping the proxy-authentication header. An attacker could exploit this...

6.5CVSS6.7AI score0.01044EPSS
Exploits1Affected Software1
OSV
OSV
added 2024/08/16 7:59 a.m.7 views

CLSA-2024-1723795173 wget: Fix of CVE-2024-38428

CVE-2024-38428: properly re-implement userinfo parsing rfc2396 - Fix wget Test-proxied-https-auth.px and Test-proxied-https-auth.px tests failing - Providing wget -O and -q parameters while running in background generates a wget-log file...

9.1CVSS6.8AI score0.00672EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2024/06/13 11:2 a.m.1 views

follow-redirects: Possible credential leak

A vulnerability was found in the follow-redirects package. While processing the cross-domain redirection, follow-redirects clears authorization headers, however, it misses clearing proxy-authentication headers, which contain credentials as well. This issue may lead to credential leaking, having a...

6.5CVSS7.3AI score0.01044EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2024/06/03 11:52 a.m.5 views

follow-redirects: Possible credential leak

A vulnerability was found in the follow-redirects package. While processing the cross-domain redirection, follow-redirects clears authorization headers, however, it misses clearing proxy-authentication headers, which contain credentials as well. This issue may lead to credential leaking, having a...

6.5CVSS7.3AI score0.01044EPSS
Exploits1References5
BDU FSTEC
BDU FSTEC
added 2024/04/10 12:0 a.m.6 views

The vulnerability in the HTTP/1.1 client of the Node.js software platform arises from insufficient protection of service data due to improper cleaning of Proxy-Authentication headers. This allows attackers to enhance their privileges.

The vulnerability of the HTTP/1.1 Undici software platform for Node.js is related to insufficient protection of service data due to improper cleaning of Proxy-Authentication headers. Exploiting this vulnerability can allow a remote attacker to increase their privileges...

5.1CVSS6.5AI score0.00765EPSS
Exploits0References7Affected Software2
Amazon
Amazon
added 2024/03/21 12:0 a.m.7 views

Medium: nodejs

Issue Overview: NOTE: https://nodejs.org/en/blog/release/v18.19.1 NOTE: https://github.com/nodejs/node/commit/f31d47e135973746c4f490d5eb635eded8bb3dda v18.x NOTE: https://github.com/nodejs/node/commit/9052ef43dc2d1b0db340591a9bc9e45a25c01d90 main CVE-2024-22025 Undici is an HTTP/1.1 client, writt...

6.5CVSS6.5AI score0.01309EPSS
Exploits0
Veracode
Veracode
added 2024/03/18 4:38 a.m.33 views

Credential Leakage

follow-redirects is vulnerable to Credential Leakage. The vulnerability is due to insufficient redaction of the proxy-authentication header when handing requests. If an attacker can trigger a cross domain redirect, they can capture the request header containing the sensitive proxy-auth header,...

6.5CVSS6.3AI score0.01044EPSS
Exploits1References6Affected Software2
OSV
OSV
added 2024/03/14 5:15 p.m.2 views

DEBIAN-CVE-2024-28849

follow-redirects is an open source, drop-in replacement for Node's http and https modules that automatically follows redirects. In affected versions follow-redirects only clears authorization header during cross-domain redirect, but keep the proxy-authentication header which contains credentials...

6.5CVSS6.5AI score0.01044EPSS
Exploits1References1
OSV
OSV
added 2024/03/14 5:15 p.m.7 views

AZL-44493 CVE-2024-28849 affecting package js-jquery 3.5.0-4

follow-redirects is an open source, drop-in replacement for Node's http and https modules that automatically follows redirects. In affected versions follow-redirects only clears authorization header during cross-domain redirect, but keep the proxy-authentication header which contains credentials...

6.5CVSS6.6AI score0.01044EPSS
Exploits1References1
OSV
OSV
added 2024/03/14 5:15 p.m.9 views

AZL-43861 CVE-2024-28849 affecting package js-jquery 3.5.0-4

follow-redirects is an open source, drop-in replacement for Node's http and https modules that automatically follows redirects. In affected versions follow-redirects only clears authorization header during cross-domain redirect, but keep the proxy-authentication header which contains credentials...

6.5CVSS6.5AI score0.01044EPSS
Exploits1References1
OSV
OSV
added 2024/03/14 5:15 p.m.3 views

UBUNTU-CVE-2024-28849

follow-redirects is an open source, drop-in replacement for Node's http and https modules that automatically follows redirects. In affected versions follow-redirects only clears authorization header during cross-domain redirect, but keep the proxy-authentication header which contains credentials...

6.5CVSS6.7AI score0.01044EPSS
Exploits1References8
Debian CVE
Debian CVE
added 2024/03/14 5:7 p.m.35 views

CVE-2024-28849

follow-redirects is an open source, drop-in replacement for Node's http and https modules that automatically follows redirects. In affected versions follow-redirects only clears authorization header during cross-domain redirect, but keep the proxy-authentication header which contains credentials...

6.5CVSS6.7AI score0.01044EPSS
Exploits1
CNNVD
CNNVD
added 2024/03/14 12:0 a.m.3 views

Follow Redirects Information Disclosure Vulnerability

Follow Redirects is a Node.js module that automatically follows Https redirects. An information disclosure vulnerability exists in versions of Follow Redirects prior to 1.15.6, which stems from the fact that follow-redirects only clears the authorization header during cross-domain redirects and...

6.5CVSS6.3AI score0.01044EPSS
Exploits1References12
Positive Technologies
Positive Technologies
added 2024/03/14 12:0 a.m.7 views

PT-2024-2572

Name of the Vulnerable Software and Affected Versions follow-redirects versions prior to 1.15.6 Description The issue is related to insufficient protection of sensitive data in the follow-redirects module, which is a drop-in replacement for Node's http and https modules. This module automatically...

6.8CVSS6.5AI score0.01044EPSS
Exploits1References34
Veracode
Veracode
added 2024/02/19 5:12 a.m.30 views

Proxy-Authentication Header Leakage

Undici is vulnerable to Proxy-Authentication header leakage. The vulnerability is due to not clearing Proxy-Authentication headers on cross-origin redirects. Attackers could potentially exploit this vulnerability to gain unauthorized access or obtain sensitive data transmitted via these headers,...

4.5CVSS6.8AI score0.00765EPSS
Exploits0References7Affected Software1
RedhatCVE
RedhatCVE
added 2024/02/18 12:19 p.m.30 views

CVE-2024-24758

A sensitive information exposure vulnerability was found in undici. In this issue, it cleared Authorization headers on cross-origin redirects but did not clear the Proxy-Authentication headers...

3.9CVSS4.1AI score0.00765EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2024/02/17 3:21 a.m.4 views

SUSE CVE-2024-24758

Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici already cleared Authorization headers on cross-origin redirects, but did not clear Proxy-Authentication headers. This issue has been patched in versions 5.28.3 and 6.6.1. Users are advised to upgrade. There are no known...

3.9CVSS8.6AI score0.00765EPSS
Exploits0References9
OSV
OSV
added 2024/02/16 10:15 p.m.0 views

DEBIAN-CVE-2024-24758

Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici already cleared Authorization headers on cross-origin redirects, but did not clear Proxy-Authentication headers. This issue has been patched in versions 5.28.3 and 6.6.1. Users are advised to upgrade. There are no known...

4.5CVSS6.2AI score0.00765EPSS
Exploits0References1
OSV
OSV
added 2024/02/16 10:15 p.m.5 views

AZL-35045 CVE-2024-24758 affecting package nodejs for versions less than 20.14.0-1

Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici already cleared Authorization headers on cross-origin redirects, but did not clear Proxy-Authentication headers. This issue has been patched in versions 5.28.3 and 6.6.1. Users are advised to upgrade. There are no known...

4.5CVSS6.7AI score0.00765EPSS
Exploits0References1
OSV
OSV
added 2024/02/16 10:15 p.m.4 views

UBUNTU-CVE-2024-24758

Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici already cleared Authorization headers on cross-origin redirects, but did not clear Proxy-Authentication headers. This issue has been patched in versions 5.28.3 and 6.6.1. Users are advised to upgrade. There are no known...

4.5CVSS6.8AI score0.00765EPSS
Exploits0References7
Rows per page
Query Builder