2 matches found
GHSA-WQQ4-5WPV-MX2G Undici's cookie header not cleared on cross-origin redirect in fetch
Impact Undici clears Authorization headers on cross-origin redirects, but does not clear Cookie headers. By design, cookie headers are forbidden request headers, disallowing them to be set in RequestInit.headers in browser environments. Since Undici handles headers more liberally than the...
nss_db security update
2.2-35.4 - import Kees Cook's patch to fix accidental leakage of part of ./DBCONFIG 580542, CVE-2010-0826...