4 matches found
CVE-2026-8368 affecting package perl-libwww-perl for versions less than 6.83-1
CVE-2026-8368 affecting package perl-libwww-perl for versions less than 6.83-1. An upgraded version of the package is available that resolves this issue...
Fedora 43 : perl-libwww-perl (2026-3b48ba7dc7)
The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-3b48ba7dc7 advisory. Changes: 6.83 2026-05-12 11:41:48Z - LWP::UserAgent now strips Authorization and Proxy-Authorization headers on cross-origin redirects a different scheme,...
perl-libwww-perl-6.830.0-1.1 on GA media (moderate)
perl-libwww-perl-6.830.0-1.1 on GA media Announcement ID: openSUSE-SU-2026:10781-1 Rating: moderate Cross-References: CVE-2026-8368 CVSS scores: CVE-2026-8368 SUSE : 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N CVE-2026-8368 SUSE : 6...
CVE-2026-8368
LWP::UserAgent versions before 6.83 for Perl leak Authorization and Proxy-Authorization headers on cross-origin redirects. On a 3xx response, the redirect handler strips only Host and Cookie before issuing the follow-up request. Caller-supplied Authorization and Proxy-Authorization headers are se...