Lucene search
K

539 matches found

Github Security Blog
Github Security Blog
added 2026/04/14 11:33 p.m.9 views

frp has an authentication bypass in HTTP vhost routing when routeByHTTPUser is used for access control

Summary frp contains an authentication bypass in the HTTP vhost routing path when routeByHTTPUser is used as part of access control. In proxy-style requests, the routing logic uses the username from Proxy-Authorization to select the routeByHTTPUser backend, while the access control check uses...

9.1CVSS5.9AI score0.00269EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/14 1:7 a.m.6 views

AsyncHttpClient leaks authorization credentials to untrusted domains on cross-origin redirects

Impact When redirect following is enabled followRedirecttrue, AsyncHttpClient forwards Authorization and Proxy-Authorization headers along with Realm credentials to arbitrary redirect targets regardless of domain, scheme, or port changes. This leaks credentials on cross-domain redirects and...

6.8CVSS5.5AI score0.00326EPSS
Exploits0References7Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/14 12:0 a.m.9 views

PT-2026-33219

The AsyncHttpClient AHC library allows Java applications to easily execute HTTP requests and asynchronously process HTTP responses. When redirect following is enabled followRedirecttrue, versions of AsyncHttpClient prior to 3.0.9 and 2.14.5 forward Authorization and Proxy-Authorization headers...

6.8CVSS6AI score0.00326EPSS
Exploits0References10
Veracode
Veracode
added 2026/04/04 5:32 a.m.16 views

AIOHTTP Leaks Cookie And Proxy-Authorization Headers On Cross-origin Redirect

Summary When following redirects to a different origin, aiohttp drops the Authorization header, but retains the Cookie and Proxy-Authorization headers. Impact The Cookie and Proxy-Authorizations headers could contain sensitive information which may be leaked to an unintended party after following...

6.9CVSS5.8AI score0.00337EPSS
Exploits0Affected Software1
SUSE CVE
SUSE CVE
added 2026/04/02 11:26 p.m.6 views

SUSE CVE-2026-34518

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, when following redirects to a different origin, aiohttp drops the Authorization header, but retains the Cookie and Proxy-Authorization headers. This issue has been patched in version 3.13.4...

5.3CVSS5.7AI score0.00337EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/04/01 11:1 p.m.5 views

CVE-2026-34518

A flaw was found in AIOHTTP, an asynchronous HTTP client/server framework for asyncio and Python. When AIOHTTP follows redirects to a different origin, it incorrectly retains sensitive Cookie and Proxy-Authorization headers. This oversight could lead to information disclosure, where these headers...

6.9CVSS5.8AI score0.00337EPSS
Exploits0References6
OSV
OSV
added 2026/04/01 9:47 p.m.3 views

GHSA-966J-VMVW-G2G9 AIOHTTP leaks Cookie and Proxy-Authorization headers on cross-origin redirect

Summary When following redirects to a different origin, aiohttp drops the Authorization header, but retains the Cookie and Proxy-Authorization headers. Impact The Cookie and Proxy-Authorizations headers could contain sensitive information which may be leaked to an unintended party after following...

6.9CVSS5.8AI score0.00337EPSS
Exploits0References5
Snyk
Snyk
added 2026/04/01 9:47 p.m.5 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure in the handling of cross-origin redirects, where Cookie and Proxy-Authorization headers are not properly removed. An attacker can obtain sensitive information by causing a user to follow a redirect to a malicious...

6.9CVSS5.9AI score0.00337EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/04/01 9:47 p.m.7 views

AIOHTTP leaks Cookie and Proxy-Authorization headers on cross-origin redirect

Summary When following redirects to a different origin, aiohttp drops the Authorization header, but retains the Cookie and Proxy-Authorization headers. Impact The Cookie and Proxy-Authorizations headers could contain sensitive information which may be leaked to an unintended party after following...

6.9CVSS5.8AI score0.00337EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2026/04/01 9:17 p.m.5 views

CVE-2026-34518

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, when following redirects to a different origin, aiohttp drops the Authorization header, but retains the Cookie and Proxy-Authorization headers. This issue has been patched in version 3.13.4...

6.9CVSS0.00337EPSS
Exploits0References3
OSV
OSV
added 2026/04/01 9:17 p.m.6 views

UBUNTU-CVE-2026-34518

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, when following redirects to a different origin, aiohttp drops the Authorization header, but retains the Cookie and Proxy-Authorization headers. This issue has been patched in version 3.13.4...

6.9CVSS5.7AI score0.00337EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/04/01 8:15 p.m.2 views

CVE-2026-34518 AIOHTTP: Cookie and Proxy-Authorization headers leaked on cross-origin redirect

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, when following redirects to a different origin, aiohttp drops the Authorization header, but retains the Cookie and Proxy-Authorization headers. This issue has been patched in version 3.13.4...

6.9CVSS5.8AI score0.00337EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/01 8:15 p.m.26 views

CVE-2026-34518 AIOHTTP: Cookie and Proxy-Authorization headers leaked on cross-origin redirect

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, when following redirects to a different origin, aiohttp drops the Authorization header, but retains the Cookie and Proxy-Authorization headers. This issue has been patched in version 3.13.4...

6.9CVSS0.00337EPSS
Exploits0References3
CVE
CVE
added 2026/04/01 8:15 p.m.43 views

CVE-2026-34518

CVE-2026-34518 affects aiohttp prior to 3.13.4: during cross-origin redirects, the client/server framework drops the Authorization header but keeps Cookie and Proxy-Authorization headers. This could expose sensitive cookie-related data across origins. The issue is fixed in aiohttp 3.13.4.

6.9CVSS5.8AI score0.00337EPSS
Exploits0References3Affected Software1
AlpineLinux
AlpineLinux
added 2026/04/01 8:15 p.m.4 views

CVE-2026-34518

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, when following redirects to a different origin, aiohttp drops the Authorization header, but retains the Cookie and Proxy-Authorization headers. This issue has been patched in version 3.13.4...

6.9CVSS5.3AI score0.00337EPSS
Exploits0
CNNVD
CNNVD
added 2026/04/01 12:0 a.m.7 views

aiohttp 信息泄露漏洞

aiohttp is an open-source framework developed by aio-libs, used for asynchronous HTTP client/server interactions with asyncio and Python. Prior to version 3.13.4 of aiohttp, there was an information leakage vulnerability. This vulnerability occurred when aiohttp discarded the Authorization header...

6.9CVSS5.8AI score0.00337EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/03/30 12:0 a.m.14 views

Fedora 44 : libsoup3 (2026-55dabf3975)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-55dabf3975 advisory. Add patch for CVE-2026-1539 Also remove Proxy-Authorization header on cross origin redirect Tenable has extracted the preceding description block directly fr...

5.8CVSS6AI score0.00237EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2026/03/23 12:0 a.m.7 views

Fedora: Security Advisory (FEDORA-2026-f029d04054)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.8CVSS5.8AI score0.00237EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/03/20 12:0 a.m.16 views

Fedora 43 : libsoup3 (2026-f029d04054)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-f029d04054 advisory. Add patch for CVE-2026-1539 Also remove Proxy-Authorization header on cross origin redirect Tenable has extracted the preceding description block directly fr...

5.8CVSS5.8AI score0.00237EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/03/20 12:0 a.m.5 views

Fedora 45 : libsoup3 (2026-6fb683df94)

The remote Fedora 45 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-6fb683df94 advisory. Automatic update for libsoup3-3.6.6-6.fc45. Changelog Thu Mar 19 2026 Milan Crha - 3.6.6-6 - Add patch for CVE-2026-1539 Also remove Proxy-Authorization head...

5.8CVSS5.8AI score0.00237EPSS
Exploits0References2
Rows per page
Query Builder