Lucene search
K

231 matches found

Veracode
Veracode
added 2025/02/18 5:48 a.m.10 views

Regular Expression Denial Of Service (ReDoS)

@octokit/request-error is vulnerable to Regular Expression Denial of Service ReDoS. The vulnerability is due to inefficient regular expression processing in the handling of HTTP request headers. Specifically, the regex used to process authorization headers fails to handle excessive whitespace...

5.3CVSS5.1AI score0.0058EPSS
Exploits0References4Affected Software1
SUSE CVE
SUSE CVE
added 2025/02/14 6:11 a.m.3 views

SUSE CVE-2023-45725

Design document functions which receive a user http request object may expose authorization or session cookie headers of the user who accesses the document. These design document functions are: list show rewrite update An attacker can leak the session component using an HTML-like output, insert t...

5.7CVSS5.5AI score0.01232EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/01/06 10:26 p.m.5 views

CVE-2025-21620 Deno's authorization headers not dropped when redirecting cross-origin

Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure defaults. When you send a request with the Authorization header to one domain, and the response asks to redirect to a different domain, Deno'sfetch redirect handling creates a follow-up redirect request that keeps the original...

7.5CVSS6.7AI score0.00496EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2024/08/22 12:0 a.m.17 views

Huawei EulerOS: Security Advisory for python-requests (EulerOS-SA-2024-2291)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.1CVSS7.4AI score0.02782EPSS
Exploits1References2
OSV
OSV
added 2024/06/18 8:15 p.m.3 views

UBUNTU-CVE-2024-38275

The cURL wrapper in Moodle retained the original request headers when following redirects, so HTTP authorization header information could be unintentionally sent in requests to redirect URLs...

7.5CVSS5.8AI score0.00445EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2024/05/11 12:0 a.m.14 views

RHEL 6 : python-requests (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - python-requests: Redirect from HTTPS to HTTP does not remove Authorization header CVE-2018-18074 - Reques...

7.5AI score0.07443EPSS
Exploits3References2
RedhatCVE
RedhatCVE
added 2024/04/04 8:21 p.m.25 views

CVE-2024-30260

A flaw was found in the nodejs-undici package. Proxy-Authorization headers are not cleared on cross-origin redirects, which can allow for the exposure of sensitive data or allow an attacker to capture the persistent proxy-authentication header. Mitigation Mitigation for this issue is either not...

3.9CVSS4AI score0.00734EPSS
Exploits0References3
OSV
OSV
added 2024/04/04 4:15 p.m.6 views

AZL-39803 CVE-2024-30260 affecting package nodejs18 for versions less than 18.20.2-1

Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici cleared Authorization and Proxy-Authorization headers for fetch, but did not clear them for undici.request. This vulnerability was patched in versions 5.28.4 and 6.11.1...

4.3CVSS6.6AI score0.00734EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2024/04/04 3:15 p.m.27 views

CVE-2024-30260

Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici cleared Authorization and Proxy-Authorization headers for fetch, but did not clear them for undici.request. This vulnerability was patched in versions 5.28.4 and 6.11.1...

4.3CVSS6.1AI score0.00734EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2024/04/04 12:0 a.m.4 views

PT-2024-2954 · Node.Js +3 · Undici +3

Name of the Vulnerable Software and Affected Versions: Undici versions prior to 5.28.4 Undici versions prior to 6.11.1 Description: The issue is related to the Undici HTTP/1.1 client for Node.js, which has a flaw in its authorization procedure. Specifically, Undici clears Authorization and...

8.2CVSS7.4AI score0.87211EPSS
Exploits3References67
Prion
Prion
added 2024/02/16 10:15 p.m.21 views

Authorization

Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici already cleared Authorization headers on cross-origin redirects, but did not clear Proxy-Authentication headers. This issue has been patched in versions 5.28.3 and 6.6.1. Users are advised to upgrade. There are no known...

4.3CVSS7AI score0.00765EPSS
Exploits0References2
OSV
OSV
added 2024/02/16 9:40 p.m.37 views

CVE-2024-24758 Proxy-Authorization header not cleared on cross-origin redirect in fetch in Undici

Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici already cleared Authorization headers on cross-origin redirects, but did not clear Proxy-Authentication headers. This issue has been patched in versions 5.28.3 and 6.6.1. Users are advised to upgrade. There are no known...

3.9CVSS6.2AI score0.00765EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2024/02/08 12:0 a.m.32 views

CentOS 8 : python-requests (CESA-2023:4520)

The remote CentOS Linux 8 host has a package installed that is affected by a vulnerability as referenced in the CESA-2023:4520 advisory. - Requests is a HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS...

6.1CVSS7.1AI score0.02782EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2024/01/16 12:0 a.m.16 views

EulerOS Virtualization 2.10.0 : python-requests (EulerOS-SA-2023-2946)

According to the versions of the python-requests package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Requests is a HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination...

6.1CVSS7AI score0.02782EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2024/01/16 12:0 a.m.30 views

EulerOS Virtualization 2.11.1 : python-requests (EulerOS-SA-2023-2741)

According to the versions of the python-requests package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Requests is a HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination...

6.1CVSS7AI score0.02782EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2024/01/16 12:0 a.m.19 views

EulerOS Virtualization 2.10.1 : python-pip (EulerOS-SA-2023-2926)

According to the versions of the python-pip packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Requests is a HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination server...

6.1CVSS7AI score0.02782EPSS
Exploits1References2
OSV
OSV
added 2023/12/15 11:6 a.m.3 views

OESA-2023-1909 python-twisted security update

Twisted is an event-based framework for internet applications, supporting Python 2.7 and Python 3.5+. It includes modules for many different purposes, including the following: Security Fixes: twisted is an event-driven networking engine written in Python. In affected versions twisted exposes...

8.1CVSS7AI score0.03608EPSS
Exploits2References5
OSV
OSV
added 2023/12/13 8:15 a.m.3 views

UBUNTU-CVE-2023-45725

Design document functions which receive a user http request object may expose authorization or session cookie headers of the user who accesses the document. These design document functions are: list show rewrite update An attacker can leak the session component using an HTML-like output,...

5.7CVSS6.3AI score0.01232EPSS
Exploits0References4
OSV
OSV
added 2023/12/13 8:2 a.m.25 views

CVE-2023-45725 Apache CouchDB, IBM Cloudant: Privilege Escalation Using _design Documents

Design document functions which receive a user http request object may expose authorization or session cookie headers of the user who accesses the document. These design document functions are: list show rewrite update An attacker can leak the session component using an HTML-like output,...

5.7CVSS6.2AI score0.01232EPSS
Exploits0References4
Cvelist
Cvelist
added 2023/12/13 7:2 a.m.35 views

CVE-2023-46675 Kibana Insertion of Sensitive Information into Log File

An issue was discovered by Elastic whereby sensitive information may be recorded in Kibana logs in the event of an error or in the event where debug level logging is enabled in Kibana. Elastic has released Kibana 8.11.2 which resolves this issue. The messages recorded in the log may contain Accou...

8CVSS7.9AI score0.00608EPSS
Exploits0References1
Rows per page
Query Builder