8 matches found
CVE-2026-49336
@microsoft/kiota-http-fetchlibrary provides TypeScript libraries for Kiota-generated API clients. In versions 1.0.0-preview.97 through 1.0.0-preview.101, @microsoft/kiota-http-fetchlibrary's RedirectHandler is documented as stripping Authorization and Cookie from cross-origin redirect targets, bu...
CVE-2026-49336
The CVE concerns @microsoft/kiota-http-fetchlibrary (TypeScript) in versions 1.0.0-preview.97–1.0.0-preview.101, where RedirectHandler’s scrubSensitiveHeaders uses case-sensitive deletion (delete headers.Authorization, delete headers.Cookie) on a headers object already lower-cased by FetchRequest...
CVE-2026-49336 @microsoft/kiota-http-fetchlibrary: Bearer token and Cookie leak across origin on redirect due to case-mismatched scrub in fetchRequestAdapter
@microsoft/kiota-http-fetchlibrary provides TypeScript libraries for Kiota-generated API clients. In versions 1.0.0-preview.97 through 1.0.0-preview.101, @microsoft/kiota-http-fetchlibrary's RedirectHandler is documented as stripping Authorization and Cookie from cross-origin redirect targets, bu...
Open Redirect
Overview @microsoft/kiota-http-fetchlibrary is an implementation using the Fetch API to make requests. Affected versions of this package are vulnerable to Open Redirect in the RedirectHandler function. An attacker can obtain sensitive information such as session cookies, proxy credentials, and AP...
FreeBSD : FreeBSD -- Certificate revocation list fetch(1) option fails (ce0f52e1-a174-11ef-9a62-002590c1f29c)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the ce0f52e1-a174-11ef-9a62-002590c1f29c advisory. The fetch3 library uses environment variables for passing certain information, including the revocation...
CVE-2024-45289
The fetch3 library uses environment variables for passing certain information, including the revocation file pathname. The environment variable name used by fetch1 to pass the filename to the library was incorrect, in effect ignoring the option. Fetch would still connect to a host presenting a...
PT-2024-31541 · Fetch +1 · Fetch +1
Name of the Vulnerable Software and Affected Versions: fetch versions affected versions not specified Description: The issue arises from the fetch3 library's use of environment variables to pass information, including the revocation file pathname. However, the environment variable name used by...
The vulnerability of the util.setPath function in the node-fetch library of the Aurora Application Center involves uncontrolled changes to prototype attributes of objects. This allows attackers to execute a “prototype pollution” attack.
The vulnerability of the util.setPath function in the node-fetch library of the Aurora Application Software is related to uncontrolled changes to prototype attributes of objects. Exploiting this vulnerability could allow a malicious actor to execute a “prototype pollution” attack...