31 matches found
CVE-2026-40490 AsyncHttpClient leaks authorization credentials to untrusted domains on cross-origin redirects
The AsyncHttpClient AHC library allows Java applications to easily execute HTTP requests and asynchronously process HTTP responses. When redirect following is enabled (followRedirect=true), versions of AsyncHttpClient prior to 3.0.9 and 2.14.5 forward Authorization and Proxy-Authorization headers...
CVE-2026-33472 Cryptomator Hub OAuth token exchange HTTP downgrade via getAuthority() scheme confusion (CVE-2026-32303 bypass)
Cryptomator is an open-source client-side encryption application for cloud storage. Version 1.19.1 contains a logic flaw in CheckHostTrustController.getAuthority that allows an attacker to bypass the security fix for CVE-2026-32303. The method hardcodes the URI scheme based on port number, causin...
AsyncHttpClient leaks authorization credentials to untrusted domains on cross-origin redirects
Impact When redirect following is enabled (followRedirect=true), AsyncHttpClient forwards Authorization and Proxy-Authorization headers along with Realm credentials to arbitrary redirect targets regardless of domain, scheme, or port changes. This leaks credentials on cross-domain redirects and...
Alibaba Cloud Linux 3 : 0199: curl (ALINUX3-SA-2025:0199)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2025:0199 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2025-9086: 1. A cookie is set using the secure...
EulerOS 2.0 SP11 : curl (EulerOS-SA-2025-2478)
According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: 1. A cookie is set using the secure keyword for https://target 2. curl is redirected to or otherwise made to speak with http://target (same hostname),...
EulerOS 2.0 SP10 : curl (EulerOS-SA-2025-2382)
According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: 1. A cookie is set using the secure keyword for https://target 2. curl is redirected to or otherwise made to speak with http://target (same hostname),...
EUVD-2015-1171
Malware in sbrugna...
CRLF Injection
Overview h2 is a Pure-Python HTTP/2 protocol implementation. Affected versions of this package are vulnerable to CRLF Injection due to insufficient validation in the request headers. This occurs when servers downgrade HTTP/2 requests to HTTP/1.1 without properly validating header names/values,...
CVE-2022-43551
A vulnerability was found in curl. The issue can occur when curl's HSTS check is bypassed to trick it to keep using HTTP. Using its HSTS support, curl can be instructed to use HTTPS instead of an insecure clear-text HTTP step even when providing HTTP in the URL. Suppose the hostname in the given...
CVE-2022-36074
Nextcloud server is an open source personal cloud product. Affected versions of this package are vulnerable to Information Exposure which fails to strip the Authorization header on HTTP downgrade. This can lead to account access exposure and compromise. It is recommended that the Nextcloud Server...
Authorization
Nextcloud server is an open source personal cloud product. Affected versions of this package are vulnerable to Information Exposure which fails to strip the Authorization header on HTTP downgrade. This can lead to account access exposure and compromise. It is recommended that the Nextcloud Server...
CVE-2022-36074 Authentication headers passed on by Nextcloud Server
Nextcloud server is an open source personal cloud product. Affected versions of this package are vulnerable to Information Exposure which fails to strip the Authorization header on HTTP downgrade. This can lead to account access exposure and compromise. It is recommended that the Nextcloud Server...
Authentication header is passed on by Nextcloud Server due to a vulnerable GuzzleHTTP version
None...
Nextcloud: Information exposure in guzzlehttp/guzzle (https://github.com/nextcloud/3rdparty/tree/master/guzzlehttp/guzzle)
Summary: Affected versions of this package are vulnerable to Information Exposure which fails to strip the Authorization header on HTTP downgrade; this dependency is out of date and it can lead to stealing the authorization header. Steps To Reproduce:...
Information Disclosure
guzzlehttp/guzzle is vulnerable to information disclosure. The vulnerability exists because the modifyRequest function of RedirectMiddleware.php does not properly strip the authorization header or cookie header on a change in host or HTTP downgrade, allowing an attacker to get sensitive informati...
Information Disclosure
guzzlehttp/guzzle is vulnerable to information disclosure. The vulnerability exists because the modifyRequest function of RedirectMiddleware.php does not properly strip the authorization header or cookie header on a change in host or HTTP downgrade, allowing an attacker to set malicious domains a...
GHSA-F2WF-25XC-69C9 Failure to strip the Cookie header on change in host or HTTP downgrade
Impact Cookie headers on requests are sensitive information. On making a request using the https scheme to a server which responds with a redirect to a URI with the http scheme, or on making a request to a server which responds with a redirect to a URI to a different host, we should not forward...
Failure to strip the Cookie header on change in host or HTTP downgrade
Impact Cookie headers on requests are sensitive information. On making a request using the https scheme to a server which responds with a redirect to a URI with the http scheme, or on making a request to a server which responds with a redirect to a URI to a different host, we should not forward...
Fix failure to strip Authorization header on HTTP downgrade
Impact Authorization headers on requests are sensitive information. On making a request using the https scheme to a server which responds with a redirect to a URI with the http scheme, we should not forward the Authorization header on. This is much the same as to how we don't forward on the heade...