2 matches found
GHSA-396Q-4VC8-28X9 @microsoft/kiota-http-fetchlibrary: Bearer token and Cookie leak across origin on redirect due to case-mismatched scrub in fetchRequestAdapter
Summary @microsoft/kiota-http-fetchlibrary's RedirectHandler is documented as stripping Authorization and Cookie from cross-origin redirect targets, but the default scrubSensitiveHeaders callback in RedirectHandlerOptions uses case-sensitive property deletion delete headers.Authorization, delete...
Traefik 安全漏洞
Traefik is an open-source reverse proxy and load balancing tool developed by Traefik. Versions 2.11.9 to 2.11.37, as well as 3.1.3 to 3.6.8, have security vulnerabilities. These vulnerabilities stem from improper handling of case sensitivity when processing Connection headers. This can allow...