Lucene search

1607 matches found

RedHat Linux
added 2025/07/17 4:31 p.m. | 2 views

openjdk: Improve HTTP client header handling (Oracle CPU 2025-07)

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Networking. Supported versions that are affected are Oracle Java SE: 8u451-perf, 11.0.27, 17.0.15, 21.0.7, 24.0.1; Oracle GraalVM for JDK: 17.0.15, 21.0.7 and 24.0.1...

CVSS 8.6 | AI score 6.9 | EPSS 0.00516
Exploits: 0 | References: 5
RedHat Linux
added 2025/07/17 4:27 p.m. | 5 views

openjdk: Improve HTTP client header handling (Oracle CPU 2025-07)

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Networking. Supported versions that are affected are Oracle Java SE: 8u451-perf, 11.0.27, 17.0.15, 21.0.7, 24.0.1; Oracle GraalVM for JDK: 17.0.15, 21.0.7 and 24.0.1...

CVSS 8.6 | AI score 6.9 | EPSS 0.00516
Exploits: 0 | References: 5
Github Security Blog
added 2025/07/16 12:30 p.m. | 10 views

Reactor Netty HTTP is vulnerable to credential leaks during chained redirects

In some specific scenarios with chained redirects, Reactor Netty HTTP client leaks credentials. In order for this to happen, the HTTP client must have been explicitly configured to follow redirects...

CVSS 6.1 | AI score 6.5 | EPSS 0.0011
Exploits: 0 | References: 4 | Affected Software: 1
NVD
added 2025/07/16 10:15 a.m. | 7 views

CVE-2025-22227

In some specific scenarios with chained redirects, Reactor Netty HTTP client leaks credentials. In order for this to happen, the HTTP client must have been explicitly configured to follow redirects...

CVSS 6.1 | EPSS 0.0011
Exploits: 0 | References: 1
Cvelist
added 2025/07/16 9:31 a.m. | 30 views

CVE-2025-22227: Authentication Leak On Redirect With Reactor Netty HTTP Client

In some specific scenarios with chained redirects, Reactor Netty HTTP client leaks credentials. In order for this to happen, the HTTP client must have been explicitly configured to follow redirects...

CVSS 6.1 | EPSS 0.0011
Exploits: 0 | References: 1
CVE
added 2025/07/16 9:31 a.m. | 104 views

CVE-2025-22227

CVE-2025-22227 is described in the initial document as a vulnerability where, in specific scenarios with chained redirects, the Reactor Netty HTTP client leaks credentials if the HTTP client is explicitly configured to follow redirects. The connected IBM bulletins list CVE-2025-22227 among a larg...

CVSS 6.1 | AI score 6.7 | EPSS 0.0011
Exploits: 0 | References: 1
AlmaLinux
added 2025/07/16 12:00 a.m. | 4 views

Important: java-21-openjdk security update

The OpenJDK 21 packages provide the OpenJDK 21 Java Runtime Environment and the OpenJDK 21 Java Software Development Kit. Security Fixes: JDK: Better Glyph drawing (CVE-2025-30749); JDK: Enhance TLS protocol support (CVE-2025-30754); JDK: Improve HTTP client header handling (CVE-2025-50059); JDK: Better...

CVSS 8.6 | AI score 7.7 | EPSS 0.02123
Exploits: 1 | References: 6
CNNVD
added 2025/07/16 12:00 a.m. | 1 view

Reactor Netty Security Vulnerability

Reactor Netty is a non-blocking and backpressure-ready TCP/HTTP/UDP/QUIC client and server based on the Netty framework. A security vulnerability exists in Reactor Netty that stems from the Reactor Netty HTTP client disclosing credentials in certain specific scenarios of chained redirection...

CVSS 6.1 | AI score 6.2 | EPSS 0.0011
Exploits: 0 | References: 1
Positive Technologies
added 2025/07/16 12:00 a.m. | 3 views

PT-2025-29713

Name of the Vulnerable Software and Affected Versions: Reactor Netty HTTP client (affected versions not specified). Description: In specific scenarios involving chained redirects, the Reactor Netty HTTP client is susceptible to credential leakage. This issue occurs when the HTTP client is explicitly...

CVSS 6.1 | AI score 7.2 | EPSS 0.0011
Exploits: 0 | References: 7
Snyk
added 2025/07/15 8:00 p.m. | 2 views

Access Control Bypass

Overview: org.graalvm.sdk:graal-sdk is a high-performance JDK distribution designed to accelerate the execution of applications written in Java and other JVM languages along with support for JavaScript, Ruby, Python, and a number of other popular languages. Affected versions of this package are...

CVSS 8.6 | AI score 6.8 | EPSS 0.00516
Exploits: 0 | References: 2
Tenable Nessus
added 2025/07/11 12:00 a.m. | 4 views

Azure Linux 3.0 Security Update: libsoup (CVE-2025-4476)

The version of libsoup installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-4476 advisory. - A denial-of-service vulnerability has been identified in the libsoup HTTP client library. This flaw can be...

CVSS 4.3 | AI score 5.8 | EPSS 0.0031
Exploits: 1 | References: 2
Tenable Nessus
added 2025/07/10 12:00 a.m. | 1 view

EulerOS 2.0 SP10 : golang (EulerOS-SA-2025-1775)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to a.com/ containing an Authorization head...

CVSS 6.1 | AI score 6.5 | EPSS 0.00142
Exploits: 0 | References: 3
Tenable Nessus
added 2025/07/10 12:00 a.m. | 2 views

EulerOS 2.0 SP10 : golang (EulerOS-SA-2025-1798)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to a.com/ containing an Authorization head...

CVSS 6.1 | AI score 6.5 | EPSS 0.00142
Exploits: 0 | References: 3
Tenable Nessus
added 2025/07/10 12:00 a.m. | 2 views

Amazon Linux 2 : python3-urllib3 (ALAS-2025-2916)

The version of python3-urllib3 installed on the remote host is prior to 1.25.6-2. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2916 advisory. urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, it is possible to disable redirects for all...

CVSS 6.1 | AI score 6.4 | EPSS 0.00079
Exploits: 1 | References: 4
Tenable Nessus
added 2025/07/10 12:00 a.m. | 3 views

Amazon Linux 2 : python-urllib3 (ALAS-2025-2915)

The version of python-urllib3 installed on the remote host is prior to 1.25.9-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2915 advisory. urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, it is possible to disable redirects for all...

CVSS 6.1 | AI score 6.4 | EPSS 0.00079
Exploits: 1 | References: 4
RedhatCVE
added 2025/06/27 4:21 p.m. | 3 views

CVE-2025-52479

HTTP.jl provides HTTP client and server functionality for Julia, and URIs.jl parses and works with Uniform Resource Identifiers (URIs). URIs.jl prior to version 1.6.0 and HTTP.jl prior to version 1.10.17 allow the construction of URIs containing CR/LF characters. If user input was not otherwise...

CVSS 8.7 | AI score 7.4 | EPSS 0.00331
Exploits: 0 | References: 1
NVD
added 2025/06/25 4:15 p.m. | 2 views

CVE-2025-52479

HTTP.jl provides HTTP client and server functionality for Julia, and URIs.jl parses and works with Uniform Resource Identifiers (URIs). URIs.jl prior to version 1.6.0 and HTTP.jl prior to version 1.10.17 allow the construction of URIs containing CR/LF characters. If user input was not otherwise...

CVSS 8.7 | EPSS 0.00331
Exploits: 0 | References: 3
RedHat Linux
added 2025/06/25 12:16 a.m. | 2 views

undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol

A vulnerability was found in Undertow. This vulnerability impacts a server that supports the wildfly-http-client protocol. Whenever a malicious user opens and closes a connection with the HTTP port of the server and then closes the connection immediately, the server will end with both memory and...

CVSS 7.5 | AI score 7.1 | EPSS 0.22688
Exploits: 0 | References: 4
NVD
added 2025/06/19 2:15 a.m. | 6 views

CVE-2025-50182

urllib3 is a user-friendly HTTP client library for Python. Starting in version 2.2.0 and prior to 2.5.0, urllib3 does not control redirects in browsers and Node.js. urllib3 supports being used in a Pyodide runtime utilizing the JavaScript Fetch API or falling back on XMLHttpRequest. This means...

CVSS 6.1 | EPSS 0.00066
Exploits: 0 | References: 3
OSV
added 2025/06/19 2:15 a.m. | 0 views

UBUNTU-CVE-2025-50182

urllib3 is a user-friendly HTTP client library for Python. Starting in version 2.2.0 and prior to 2.5.0, urllib3 does not control redirects in browsers and Node.js. urllib3 supports being used in a Pyodide runtime utilizing the JavaScript Fetch API or falling back on XMLHttpRequest. This means...

CVSS 6.1 | AI score 6.6 | EPSS 0.00066
Exploits: 0 | References: 3