Lucene search
+L

687 matches found

OSV
OSV
added 2026/06/05 8:17 p.m.11 views

UBUNTU-CVE-2026-45300

The AsyncHttpClient AHC library allows Java applications to easily execute HTTP requests and asynchronously process HTTP responses. Versions on the 2.x branch prior to 2.15.0 and the 3.x branch prior to 3.0.10 leak Cookie headers to cross-origin redirect targets. When following a redirect to a...

7.4CVSS5.5AI score0.00322EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2026/06/05 7:32 p.m.10 views

CVE-2026-45300 async-http-client: Cookie header not stripped on cross-origin redirect

The AsyncHttpClient AHC library allows Java applications to easily execute HTTP requests and asynchronously process HTTP responses. Versions on the 2.x branch prior to 2.15.0 and the 3.x branch prior to 3.0.10 leak Cookie headers to cross-origin redirect targets. When following a redirect to a...

7.4CVSS5.5AI score0.00322EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/06/05 7:32 p.m.34 views

CVE-2026-45300 async-http-client: Cookie header not stripped on cross-origin redirect

The AsyncHttpClient AHC library allows Java applications to easily execute HTTP requests and asynchronously process HTTP responses. Versions on the 2.x branch prior to 2.15.0 and the 3.x branch prior to 3.0.10 leak Cookie headers to cross-origin redirect targets. When following a redirect to a...

7.4CVSS0.00322EPSS
Exploits1References3
Debian CVE
Debian CVE
added 2026/06/05 7:32 p.m.14 views

CVE-2026-45300

The AsyncHttpClient AHC library allows Java applications to easily execute HTTP requests and asynchronously process HTTP responses. Versions on the 2.x branch prior to 2.15.0 and the 3.x branch prior to 3.0.10 leak Cookie headers to cross-origin redirect targets. When following a redirect to a...

7.4CVSS5.5AI score0.00322EPSS
Exploits1
CVE
CVE
added 2026/06/05 7:32 p.m.52 views

CVE-2026-45300

CVE-2026-45300 affects AsyncHttpClient: vulnerable in the 2.x branch before 2.15.0 and the 3.x branch before 3.0.10. When following cross-origin redirects, propagatedHeaders() strips Authorization and Proxy-Authorization but leaves Cookie intact, causing session cookies and other sensitive cookie...

7.4CVSS5.5AI score0.00322EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2026/06/05 7:32 p.m.2 views

CVE-2026-45300 async-http-client: Cookie header not stripped on cross-origin redirect

The AsyncHttpClient AHC library allows Java applications to easily execute HTTP requests and asynchronously process HTTP responses. Versions on the 2.x branch prior to 2.15.0 and the 3.x branch prior to 3.0.10 leak Cookie headers to cross-origin redirect targets. When following a redirect to a...

7.4CVSS6AI score0.00322EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2026/06/05 7:11 p.m.10 views

CVE-2026-44503

The RedirectHandler middleware in microsoft/kiota-java com.microsoft.kiota:microsoft-kiota-http-okHttp v1.9.0 and other Kiota libraries fails to strip sensitive HTTP headers when following 3xx redirects to a different host or scheme. Only the Authorization header is removed; Cookie,...

7CVSS5.4AI score0.00505EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/04 5:59 p.m.16 views

EUVD-2026-32925

Hono: Cookie helper does not sanitize sameSite and priority, allowing Set-Cookie injection...

5.3CVSS5.8AI score0.00216EPSS
Exploits0References4
OSV
OSV
added 2026/06/04 5:59 p.m.12 views

GHSA-3HRH-PFW6-9M5X Hono: Cookie helper does not sanitize sameSite and priority, allowing Set-Cookie injection

Summary The serialize function in hono/cookie validates domain and path options against characters that corrupt Set-Cookie header syntax ;, \r, \n, but does not apply the same validation to sameSite and priority. An application that passes user-controlled input into either option may produce a...

4.3CVSS5.8AI score0.00216EPSS
Exploits0References5
Ubuntu
Ubuntu
added 2026/06/04 12:29 p.m.20 views

USN-8384-1: Apache HTTP Server vulnerability

It was discovered that Apache HTTP Server incorrectly handled certain cookie headers in the HTTP/2 implementation. A remote attacker could possibly use this issue to cause Apache HTTP Server to consume excessive resources, resulting in a denial of service...

7.5CVSS5.5AI score0.11471EPSS
Exploits8
SUSE CVE
SUSE CVE
added 2026/06/04 2:21 a.m.12 views

SUSE CVE-2026-47265

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.14.0, cookies set with the cookies parameter on requests are sent after following a cross-origin redirect. If a developer uses the cookies parameter on a per-request basis then sensitive data might ...

5.3CVSS5.8AI score0.0015EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.20 views

PT-2026-46844

Summary The serialize function in hono/cookie validates domain and path options against characters that corrupt Set-Cookie header syntax ;, r, , but does not apply the same validation to sameSite and priority. An application that passes user-controlled input into either option may produce a...

5.3CVSS5.8AI score0.00216EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/03 9:34 p.m.15 views

EUVD-2026-34007

AIOHTTP is vulnerable to cross-origin redirect with per-request cookies...

8.7CVSS5.8AI score0.0015EPSS
Exploits0References3
OSV
OSV
added 2026/06/03 9:34 p.m.9 views

GHSA-HG6J-4RV6-33PG AIOHTTP is vulnerable to cross-origin redirect with per-request cookies

Summary Cookies set with the cookies parameter on requests are sent after following a cross-origin redirect. Impact If a developer uses the cookies parameter on a per-request basis then sensitive data might be leaked to an attacker if they manage to control a redirect. Workaround If unable to...

8.7CVSS5.8AI score0.0015EPSS
Exploits0References4
Snyk
Snyk
added 2026/06/03 9:34 p.m.16 views

Origin Validation Error

Overview Affected versions of this package are vulnerable to Origin Validation Error via the cookies parameter, which is processed by connectandsendrequest in client.py. An attacker who can control a redirect on a request that passes cookies on a per-request basis can expose data from those...

8.7CVSS5.5AI score0.0015EPSS
Exploits0References2
NVD
NVD
added 2026/06/02 8:16 p.m.11 views

CVE-2026-47265

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.14.0, cookies set with the cookies parameter on requests are sent after following a cross-origin redirect. If a developer uses the cookies parameter on a per-request basis then sensitive data might ...

8.7CVSS0.0015EPSS
Exploits0References2
OSV
OSV
added 2026/06/02 8:16 p.m.8 views

DEBIAN-CVE-2026-47265

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.14.0, cookies set with the cookies parameter on requests are sent after following a cross-origin redirect. If a developer uses the cookies parameter on a per-request basis then sensitive data might ...

7.5CVSS5.8AI score0.0015EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/02 6:32 p.m.16 views

CVE-2026-47265 AIOHTTP vulnerable to cross-origin redirect with per-request cookies

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.14.0, cookies set with the cookies parameter on requests are sent after following a cross-origin redirect. If a developer uses the cookies parameter on a per-request basis then sensitive data might ...

8.7CVSS5.8AI score0.0015EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/02 6:32 p.m.9 views

CVE-2026-47265

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.14.0, cookies set with the cookies parameter on requests are sent after following a cross-origin redirect. If a developer uses the cookies parameter on a per-request basis then sensitive data might ...

8.7CVSS5.8AI score0.0015EPSS
Exploits0References3Affected Software1
AlpineLinux
AlpineLinux
added 2026/06/02 6:32 p.m.12 views

CVE-2026-47265

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.14.0, cookies set with the cookies parameter on requests are sent after following a cross-origin redirect. If a developer uses the cookies parameter on a per-request basis then sensitive data might ...

8.7CVSS5.3AI score0.0015EPSS
Exploits0
Rows per page
Query Builder