4 matches found

Veracode
added 2026/04/04 5:32 a.m., 12 views

AIOHTTP Leaks Cookie And Proxy-Authorization Headers On Cross-origin Redirect

Summary: When following redirects to a different origin, aiohttp drops the Authorization header, but retains the Cookie and Proxy-Authorization headers. Impact: The Cookie and Proxy-Authorizations headers could contain sensitive information which may be leaked to an unintended party after following...

CVSS 6.9, AI score 5.8, EPSS 0.00337
Exploits: 0, Affected Software: 1
OSV
added 2023/11/15 11:27 a.m., 10 views

USN-6473-2 python-pip vulnerabilities

USN-6473-1 fixed vulnerabilities in urllib3. This update provides the corresponding updates for the urllib3 module bundled into pip. Original advisory details: It was discovered that urllib3 didn't strip HTTP Authorization header on cross-origin redirects. A remote attacker could possibly use thi...

CVSS 8.1, AI score 6.8, EPSS 0.01207
Exploits: 0, References: 4
Tenable Nessus
added 2023/10/19 12:0 a.m., 120 views

Node.js 18.x < 18.18.2 / 20.x < 20.8.1 Multiple Vulnerabilities (Friday October 13 2023 Security Releases).

The version of Node.js installed on the remote host is prior to 18.18.2, 20.8.1. It is, therefore, affected by multiple vulnerabilities as referenced in the Friday October 13 2023 Security Releases advisory. - Undici did not always clear Cookie headers on cross-origin redirects. By design, cookie...

CVSS 9.8, AI score 7.3, EPSS 0.99999
Exploits: 19, References: 7
securityvulns
added 2005/03/04 12:0 a.m., 21 views

Squid proxy Set-Cookie header race conditions cookie leak

Race condition leads to the situation Set-Cookie header is leaked to different connection...

AI score 2.2
Exploits: 0, References: 1, Affected Software: 1