Lucene search
K

5 matches found

OpenVAS
OpenVAS
added 2022/09/19 12:0 a.m.29 views

Mageia: Security Advisory (MGASA-2022-0338)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.1CVSS7.8AI score0.0182EPSS
Exploits0References9
UbuntuCve
UbuntuCve
added 2022/06/27 10:15 p.m.50 views

CVE-2022-31091

Guzzle, an extensible PHP HTTP client. Authorization and Cookie headers on requests are sensitive information. In affected versions on making a request which responds with a redirect to a URI with a different port, if we choose to follow it, we should remove the Authorization and Cookie headers...

7.7CVSS7.1AI score0.0138EPSS
Exploits0References4
OSV
OSV
added 2022/06/27 12:0 a.m.36 views

CVE-2022-31091 Change in port should be considered a change in origin in Guzzle

Guzzle, an extensible PHP HTTP client. Authorization and Cookie headers on requests are sensitive information. In affected versions on making a request which responds with a redirect to a URI with a different port, if we choose to follow it, we should remove the Authorization and Cookie headers...

7.7CVSS7.1AI score0.0138EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2022/06/27 12:0 a.m.8 views

CVE-2022-31091 Change in port should be considered a change in origin in Guzzle

Guzzle, an extensible PHP HTTP client. Authorization and Cookie headers on requests are sensitive information. In affected versions on making a request which responds with a redirect to a URI with a different port, if we choose to follow it, we should remove the Authorization and Cookie headers...

7.7CVSS7.4AI score0.0138EPSS
Exploits0References4
CVE
CVE
added 2022/06/27 12:0 a.m.118 views

CVE-2022-31091

CVE-2022-31091 affects the Guzzle HTTP client. When following redirects that change port (or scheme/host), the request may inappropriately retain sensitive headers (Authorization, Cookie). The issue is that a redirect to a URI with a different port previously did not trigger header removal for sc...

7.7CVSS7.5AI score0.0138EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder