CVE-2024-1023

A vulnerability in the Eclipse Vert.x toolkit results in a memory leak due to using Netty FastThreadLocal data structures. Specifically, when the Vert.x HTTP client establishes connections to different hosts, triggering the memory leak. The leak can be accelerated with intimate runtime knowledge,...

CVE-2024-1023 Io.vertx/vertx-core: memory leak due to the use of netty fastthreadlocal data structures in vertx

A vulnerability in the Eclipse Vert.x toolkit results in a memory leak due to using Netty FastThreadLocal data structures. Specifically, when the Vert.x HTTP client establishes connections to different hosts, triggering the memory leak. The leak can be accelerated with intimate runtime knowledge,...

EulerOS Virtualization 2.11.0 : python-urllib3 (EulerOS-SA-2024-1435)

According to the versions of the python-urllib3 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the Cookie HTTP header special or provide...

Huawei EulerOS: Security Advisory for python-urllib3 (EulerOS-SA-2024-1435)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS Virtualization 2.11.1 : python-urllib3 (EulerOS-SA-2024-1407)

According to the versions of the python-urllib3 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the Cookie HTTP header special or provide...

EulerOS Virtualization 2.10.1 : python-urllib3 (EulerOS-SA-2024-1369)

According to the versions of the python-urllib3 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the Cookie HTTP header special or provide...

EulerOS Virtualization 2.10.0 : python-urllib3 (EulerOS-SA-2024-1390)

According to the versions of the python-urllib3 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the Cookie HTTP header special or provide...

Huawei EulerOS: Security Advisory for python-urllib3 (EulerOS-SA-2024-1296)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP8 : python-pip (EulerOS-SA-2024-1295)

According to the versions of the python-pip packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - urllib3 before 1.24.2 does not remove the authorization HTTP header when following a cross-origin redirect i.e., a redirect that differs in...

BIT-PYTHON-2021-3733

There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client such as web browser connects to, could trigger a Regular Expression Denial of Service ReDOS during an authentication request with a specially crafted payload that is sen...

BIT-GOLANG-2023-39326 Denial of service via chunk extensions in net/http

A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of data up to about...

BIT-DRUPAL-2022-29248 Cross-domain cookie leakage in Guzzle

Guzzle is a PHP HTTP client. Guzzle prior to versions 6.5.6 and 7.4.3 contains a vulnerability with the cookie middleware. The vulnerability is that it is not checked if the cookie domain equals the domain of the server which sets the cookie via the Set-Cookie header, allowing a malicious server ...

BIT-DRUPAL-2022-31042 Failure to strip the Cookie header on change in host or HTTP downgrade in Guzzle

Guzzle is an open source PHP HTTP client. In affected versions the Cookie headers on requests are sensitive information. On making a request using the https scheme to a server which responds with a redirect to a URI with the http scheme, or on making a request to a server which responds with a...

BIT-DRUPAL-2022-31043 Fix failure to strip Authorization header on HTTP downgrade in Guzzle

Guzzle is an open source PHP HTTP client. In affected versions Authorization headers on requests are sensitive information. On making a request using the https scheme to a server which responds with a redirect to a URI with the http scheme, we should not forward the Authorization header on. This ...

CVE-2023-45289

When following an HTTP redirect to a domain which is not a subdomain match or exact match of the initial domain, an http.Client does not forward sensitive headers such as "Authorization" or "Cookie". For example, a redirect from foo.com to www.foo.com will forward the Authorization header, but a...

PT-2024-2133

Name of the Vulnerable Software and Affected Versions: golang versions affected versions not specified http.Client affected versions not specified Description: The issue is related to how an http.Client handles HTTP redirects. When an HTTP redirect is made to a domain that is not a subdomain matc...

openSUSE: Security Advisory for java (SUSE-SU-2023:3023-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CentOS 9 : python-urllib3-1.26.5-4.el9

The remote CentOS Linux 9 host has a package installed that is affected by a vulnerability as referenced in the python- urllib3-1.26.5-4.el9 build changelog. - urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the Cookie HTTP header special or provide any helpers fo...

CentOS 9 : python3.11-urllib3-1.26.12-2.el9

The remote CentOS Linux 9 host has a package installed that is affected by a vulnerability as referenced in the python3.11-urllib3-1.26.12-2.el9 build changelog. - urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the Cookie HTTP header special or provide any helper...

GHSA-W6QF-42M7-VH68 Undertow Uncontrolled Resource Consumption Vulnerability

A vulnerability was found in Undertow. This vulnerability impacts a server that supports the wildfly-http-client protocol. Whenever a malicious user opens and closes a connection with the HTTP port of the server and then closes the connection immediately, the server will end with both memory and...