Lucene search
K

4 matches found

NVD
NVD
added 2026/06/19 7:16 p.m.8 views

CVE-2026-49336

@microsoft/kiota-http-fetchlibrary provides TypeScript libraries for Kiota-generated API clients. In versions 1.0.0-preview.97 through 1.0.0-preview.101, @microsoft/kiota-http-fetchlibrary's RedirectHandler is documented as stripping Authorization and Cookie from cross-origin redirect targets, bu...

6.9CVSS0.0065EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/19 6:19 p.m.18 views

CVE-2026-49336 @microsoft/kiota-http-fetchlibrary: Bearer token and Cookie leak across origin on redirect due to case-mismatched scrub in fetchRequestAdapter

@microsoft/kiota-http-fetchlibrary provides TypeScript libraries for Kiota-generated API clients. In versions 1.0.0-preview.97 through 1.0.0-preview.101, @microsoft/kiota-http-fetchlibrary's RedirectHandler is documented as stripping Authorization and Cookie from cross-origin redirect targets, bu...

6.9CVSS0.0065EPSS
Exploits0References2
CVE
CVE
added 2026/06/19 6:19 p.m.32 views

CVE-2026-49336

The CVE concerns @microsoft/kiota-http-fetchlibrary (TypeScript) in versions 1.0.0-preview.97–1.0.0-preview.101, where RedirectHandler’s scrubSensitiveHeaders uses case-sensitive deletion (delete headers.Authorization, delete headers.Cookie) on a headers object already lower-cased by FetchRequest...

6.9CVSS5.9AI score0.0065EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/07 1:49 a.m.9 views

Open Redirect

Overview @microsoft/kiota-http-fetchlibrary is an implementation using the Fetch API to make requests. Affected versions of this package are vulnerable to Open Redirect in the RedirectHandler function. An attacker can obtain sensitive information such as session cookies, proxy credentials, and AP...

7CVSS5.8AI score0.00505EPSS
Exploits0References2
Rows per page
Query Builder