4 matches found
AIOHTTP Leaks Cookie And Proxy-Authorization Headers On Cross-origin Redirect
Summary: When following redirects to a different origin, aiohttp drops the Authorization header, but retains the Cookie and Proxy-Authorization headers. Impact: The Cookie and Proxy-Authorization headers could contain sensitive information which may be leaked to an unintended party after following...
USN-6473-2 python-pip vulnerabilities
USN-6473-1 fixed vulnerabilities in urllib3. This update provides the corresponding updates for the urllib3 module bundled into pip. Original advisory details: It was discovered that urllib3 didn't strip the HTTP Authorization header on cross-origin redirects. A remote attacker could possibly use thi...
Node.js 18.x < 18.18.2 / 20.x < 20.8.1 Multiple Vulnerabilities (Friday October 13 2023 Security Releases).
The version of Node.js installed on the remote host is prior to 18.18.2, 20.8.1. It is, therefore, affected by multiple vulnerabilities as referenced in the Friday October 13 2023 Security Releases advisory. - Undici did not always clear Cookie headers on cross-origin redirects. By design, cookie...
Squid proxy Set-Cookie header race conditions cookie leak
A race condition leads to a situation in which the Set-Cookie header is leaked to a different connection...