4 matches found
GHSA-9857-6MW7-FQ2M gix-transport: HTTP credentials leaked to redirected host in curl backend
Summary The curl-based HTTP transport in gix-transport sends user credentials passwords, tokens to an attacker-controlled server after an HTTP redirect. When a server responds with a 302 redirect during the initial GET /info/refs, gitoxide records the redirected base URL and rewrites all subseque...
gix-transport: HTTP credentials leaked to redirected host in curl backend
Summary The curl-based HTTP transport in gix-transport sends user credentials passwords, tokens to an attacker-controlled server after an HTTP redirect. When a server responds with a 302 redirect during the initial GET /info/refs, gitoxide records the redirected base URL and rewrites all subseque...
GHSA-M95X-M25C-W9MP XML-RPC for PHP allows access to local files via malicious argument to the Client::send method
Abusing the $method argument of Client::send, it was possible to force the client to access local files or connect to undesired urls instead of the intended target server's url the one used in the Client constructor. This weakness only affects installations where all the following conditions appl...
PT-2023-33042 · Unknown · Xmlrpc Client
Name of the Vulnerable Software and Affected Versions: xmlrpc Client affected versions not specified Description: The issue allows an attacker to force the client to access local files or connect to undesired URLs instead of the intended target server's URL. This is possible by abusing the $metho...