CNNVD
added 2026/04/21 12:00 a.m., 9 views

Follow Redirects Information Disclosure Vulnerability

Follow Redirects is an open-source Node.js module that automatically follows HTTP redirects. Versions of Follow Redirects prior to 1.16.0 had a vulnerability related to information leakage. This vulnerability occurred when HTTP requests followed cross-domain redirects, and only authorization, pro...

CVSS 7.5 / AI score 7.2 / EPSS 0.00486
Exploits 0 / References 1
Positive Technologies
added 2026/04/21 12:00 a.m., 10 views

PT-2026-34171

Name of the Vulnerable Software and Affected Versions: follow-redirects versions prior to 1.16.0. Description: When an HTTP request follows a cross-domain redirect (301, 302, 307, or 308), the software only removes the authorization, proxy-authorization, and cookie headers. Any custom authentication...

CVSS 7.5 / AI score 7.2 / EPSS 0.00486
Exploits 0 / References 48
Snyk
added 2026/04/17 10:31 p.m., 9 views

Insufficiently Protected Credentials

Overview Affected versions of this package are vulnerable to Insufficiently Protected Credentials in the advertisedReferences function. The headers - including Authorization headers - from an initial /info/refs request are forwarded to redirect targets. An attacker can obtain authentication...

CVSS 7.4 / AI score 5.8 / EPSS 0.00259
Exploits 0 / References 2
Github Security Blog
added 2026/04/17 10:31 p.m., 10 views

go-git: Credential leak via cross-host redirect in smart HTTP transport

Impact go-git may leak HTTP authentication credentials when following redirects during smart-HTTP clone and fetch operations. If a remote repository responds to the initial /info/refs request with a redirect to a different host, go-git updates the session endpoint to the redirected location and...

CVSS 7.4 / AI score 5.8 / EPSS 0.00259
Exploits 0 / References 5 / Affected Software 2
Github Security Blog
added 2026/04/17 10:30 p.m., 7 views

Kimai: Username enumeration via timing on X-AUTH-USER

Details: src/API/Authentication/TokenAuthenticator.php calls loadUserByIdentifier first and only invokes the password hasher (argon2id) when a user is returned. When the username does not exist, the request returns roughly 25 ms faster than when it does. The response body is the same in both cases...

AI score 5.8
Exploits 0 / References 2 / Affected Software 1
Snyk
added 2026/04/14 1:11 a.m., 6 views

Improper Removal of Sensitive Information Before Storage or Transfer

Overview: Affected versions of this package are vulnerable to Improper Removal of Sensitive Information Before Storage or Transfer because cross-domain redirects do not strip custom authentication headers such as X-API-Key, X-Auth-Token, Api-Key, and Token. An attacker can obtain sensitive...

CVSS 7.7 / AI score 5.8 / EPSS 0.00486
Exploits 0 / References 2
OSV
added 2026/04/14 1:11 a.m., 3 views

GHSA-R4Q5-VMMM-2653: follow-redirects leaks Custom Authentication Headers to Cross-Domain Redirect Targets

Summary: When an HTTP request follows a cross-domain redirect (301/302/307/308), follow-redirects only strips the authorization, proxy-authorization, and cookie headers matched by the regex at index.js:469-476. Any custom authentication header (e.g., X-API-Key, X-Auth-Token, Api-Key, Token) is forwarded...

CVSS 6.9 / AI score 5.8
Exploits 0 / References 3
Github Security Blog
added 2026/04/14 1:11 a.m., 13 views

follow-redirects leaks Custom Authentication Headers to Cross-Domain Redirect Targets

Summary: When an HTTP request follows a cross-domain redirect (301/302/307/308), follow-redirects only strips the authorization, proxy-authorization, and cookie headers matched by the regex at index.js:469-476. Any custom authentication header (e.g., X-API-Key, X-Auth-Token, Api-Key, Token) is forwarded...

AI score 5.8
Exploits 0 / References 3 / Affected Software 1
Positive Technologies
added 2026/03/31 12:00 a.m., 8 views

PT-2026-29424

Name of the Vulnerable Software and Affected Versions: FastMCP (affected versions not specified). Description: The OpenAPIProvider in FastMCP is susceptible to an authenticated Server-Side Request Forgery (SSRF) vulnerability due to insufficient URL encoding of path parameters. Specifically, th...

CVSS 10 / AI score 6 / EPSS 0.00988
Exploits 1 / References 15
OSV
added 2026/03/30 5:19 p.m., 3 views

GHSA-FGV2-4Q4G-WC35: HAPI FHIR Core has Authentication Credential Leakage via Improper URL Prefix Matching on HTTP Redirect

Summary: ManagedWebAccessUtils.getServer uses String.startsWith to match request URLs against configured server URLs for authentication credential dispatch. Because configured server URLs (e.g., http://tx.fhir.org) lack a trailing slash or host boundary check, an attacker-controlled domain like...

CVSS 7.4 / AI score 5.9 / EPSS 0.00158
Exploits 1 / References 3
GitLab Advisory Database
added 2026/03/18 12:00 a.m., 7 views

HAPI FHIR HTTP authentication leak in redirects

When setting headers in HTTP requests, the internal HTTP client sends the headers first to the host in the initial URL but also, if asked to follow redirects and a 30X HTTP response code is returned, to the host named in the URL of the Location: response header. Sending the same set of headers ...

CVSS 8.2 / AI score 5.9 / EPSS 0.00264
Exploits 0 / References 4
Snyk
added 2026/03/05 8:53 p.m., 2 views

Unintended Proxy or Intermediary ('Confused Deputy')

Overview: Affected versions of this package are vulnerable to Unintended Proxy or Intermediary ('Confused Deputy') due to improper preservation of authentication context in the RestartAction function. An attacker can gain unauthorized access to execute privileged shell actions by exploiting the...

CVSS 6.3 / AI score 5.9 / EPSS 0.00414
Exploits 1 / References 3
Github Security Blog
added 2026/03/05 8:53 p.m., 8 views

OliveTin's RestartAction always runs actions as guest

Summary: An authentication context confusion vulnerability in RestartAction allows a low-privileged authenticated user to execute actions they are not permitted to run. RestartAction constructs a new internal connect.Request without preserving the original caller's authentication headers or cookie...

CVSS 5.3 / AI score 6.4 / EPSS 0.00414
Exploits 1 / References 5 / Affected Software 1
Github Security Blog
added 2026/03/05 7:50 p.m., 6 views

Gogs: Access tokens get exposed through URL params in API requests

Summary: The Gogs API still accepts tokens in URL parameters such as token and accesstoken, which can leak through logs, browser history, and referrers. Details: A static review shows that the API still checks tokens in the URL query before looking at headers: - internal/context/auth.go reads...

CVSS 6.9 / AI score 5.9 / EPSS 0.00254
Exploits 0 / References 6 / Affected Software 1
Positive Technologies
added 2026/02/12 12:00 a.m., 7 views

PT-2026-7893

Name of the Vulnerable Software and Affected Versions: authentik versions prior to 2025.10.4; authentik versions prior to 2025.12.4. Description: authentik is an open-source identity provider. A malformed cookie could bypass authentication when using forward authentication with the authentik Proxy...

CVSS 8.6 / AI score 5.4 / EPSS 0.00479
Exploits 0 / References 12
Tenable Nessus
added 2026/02/04 12:00 a.m., 5 views

Ubuntu 24.04 LTS / 25.10 : Keystone Middleware vulnerability (USN-8008-1)

The remote Ubuntu 24.04 LTS / 25.10 host has a package installed that is affected by a vulnerability as referenced in the USN-8008-1 advisory. Grzegorz Grasza discovered that the Keystone Middleware incorrectly sanitized authentication headers before processing OAuth 2.0 tokens. An attacker could...

CVSS 9.9 / AI score 5.7 / EPSS 0.00575
Exploits 0 / References 2
OSV
added 2026/02/03 1:06 p.m., 5 views

USN-8008-1 python-keystonemiddleware vulnerability

Grzegorz Grasza discovered that the Keystone Middleware incorrectly sanitized authentication headers before processing OAuth 2.0 tokens. An attacker could possibly use this issue to escalate privileges or impersonate other users...

CVSS 9.9 / AI score 5.8 / EPSS 0.00575
Exploits 0 / References 2