1607 matches found
CVE-2020-11021
Actions Http-Client NPM @actions/http-client before version 1.0.8 can disclose Authorization headers to incorrect domain in certain redirect scenarios. The conditions in which this happens are if consumers of the http-client: 1. make an http request with an authorization header 2. that request...
MAL-2025-3937 Malicious code in node-scoped-http-client (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 881ef5215aabb6e0d9dbaf7bbbdc6f804c031cb613c83b6fdb86f0efbc99d520 The OpenSSF Package Analysis project identified 'node-scoped-http-client' @ 2.0.0 npm as malicious. It is considered malicious because: - The...
Malicious code in node-scoped-http-client (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 881ef5215aabb6e0d9dbaf7bbbdc6f804c031cb613c83b6fdb86f0efbc99d520 The OpenSSF Package Analysis project identified 'node-scoped-http-client' @ 2.0.0 npm as malicious. It is considered malicious because: - The...
CVE-2025-4476
A denial-of-service vulnerability has been identified in the libsoup HTTP client library. This flaw can be triggered when a libsoup client receives a 401 Unauthorized HTTP response containing a specifically crafted domain parameter within the WWW-Authenticate header. Processing this malformed...
CVE-2025-4476
A denial-of-service vulnerability has been identified in the libsoup HTTP client library. This flaw can be triggered when a libsoup client receives a 401 Unauthorized HTTP response containing a specifically crafted domain parameter within the WWW-Authenticate header. Processing this malformed...
AZL-61910 CVE-2025-4476 affecting package libsoup for versions less than 3.4.4-7
A denial-of-service vulnerability has been identified in the libsoup HTTP client library. This flaw can be triggered when a libsoup client receives a 401 Unauthorized HTTP response containing a specifically crafted domain parameter within the WWW-Authenticate header. Processing this malformed...
AZL-61902 CVE-2025-4476 affecting package libsoup for versions less than 3.0.4-7
A denial-of-service vulnerability has been identified in the libsoup HTTP client library. This flaw can be triggered when a libsoup client receives a 401 Unauthorized HTTP response containing a specifically crafted domain parameter within the WWW-Authenticate header. Processing this malformed...
CVE-2025-4476 Libsoup: null pointer dereference in libsoup may lead to denial of service
A denial-of-service vulnerability has been identified in the libsoup HTTP client library. This flaw can be triggered when a libsoup client receives a 401 Unauthorized HTTP response containing a specifically crafted domain parameter within the WWW-Authenticate header. Processing this malformed...
CVE-2025-4476 Libsoup: null pointer dereference in libsoup may lead to denial of service
A denial-of-service vulnerability has been identified in the libsoup HTTP client library. This flaw can be triggered when a libsoup client receives a 401 Unauthorized HTTP response containing a specifically crafted domain parameter within the WWW-Authenticate header. Processing this malformed...
CVE-2025-47279
Undici is an HTTP/1.1 client for Node.js. Prior to versions 5.29.0, 6.21.2, and 7.5.0, applications that use undici to implement a webhook-like system are vulnerable. If the attacker set up a server with an invalid certificate, and they can force the application to call the webhook repeatedly, th...
CVE-2025-47279 undici Denial of Service attack via bad certificate data
Undici is an HTTP/1.1 client for Node.js. Prior to versions 5.29.0, 6.21.2, and 7.5.0, applications that use undici to implement a webhook-like system are vulnerable. If the attacker set up a server with an invalid certificate, and they can force the application to call the webhook repeatedly, th...
Alibaba Cloud Linux 3 : 0182: python-urllib3 (ALINUX3-SA-2024:0182)
The remote Alibaba Cloud Linux 3 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2024:0182 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2023-43804: urllib3 is a user-friendly...
Alibaba Cloud Linux 3 : 0205: container-tools:rhel8 (ALINUX3-SA-2024:0205)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2024:0205 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2024-24783: Verifying a certificate...
libsoup: Double free on soup_message_headers_get_content_disposition() through "soup-message-headers.c" via "params" GHashTable value
A use-after-free type vulnerability was found in libsoup, in the soupmessageheadersgetcontentdisposition function. This flaw allows a malicious HTTP client to cause memory corruption in the libsoup server...
golang: net/http: net/http: sensitive headers incorrectly sent after cross-domain redirect
A flaw was found in the net/http package of the Golang standard library. The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to a.com/ containing an Authorization header redirected to b.com/ will not send that header to b.com. However, the...
DLA-4158-1 fossil - HTTP client fix
Bulletin has no description...
CVE-2025-1948 Eclipse Jetty HTTP clients can increase memory allocation
In Eclipse Jetty versions 12.0.0 to 12.0.16 included, an HTTP/2 client can specify a very large value for the HTTP/2 settings parameter SETTINGSMAXHEADERLISTSIZE. The Jetty HTTP/2 server does not perform validation on this setting, and tries to allocate a ByteBuffer of the specified capacity to...
libsoup: Double free on soup_message_headers_get_content_disposition() through "soup-message-headers.c" via "params" GHashTable value
A use-after-free type vulnerability was found in libsoup, in the soupmessageheadersgetcontentdisposition function. This flaw allows a malicious HTTP client to cause memory corruption in the libsoup server...
Important: Red Hat Security Advisory: libsoup security update
An update for libsoup is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as...
Important: Red Hat Security Advisory: libsoup security update
An update for libsoup is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...