Lucene search
K

6 matches found

Vulnrichment
Vulnrichment
added 2026/05/14 3:58 p.m.7 views

CVE-2026-44503 Kiota abstractions RedirectHandler leaks Cookie/Proxy-Authorization headers on cross-host redirect

The RedirectHandler middleware in microsoft/kiota-java com.microsoft.kiota:microsoft-kiota-http-okHttp v1.9.0 and other Kiota libraries fails to strip sensitive HTTP headers when following 3xx redirects to a different host or scheme. Only the Authorization header is removed; Cookie,...

7CVSS5.8AI score0.00505EPSS
Exploits0References1
CVE
CVE
added 2026/05/14 3:58 p.m.60 views

CVE-2026-44503

CVE-2026-44503 affects the RedirectHandler in microsoft/kiota-java (com.microsoft.kiota:microsoft-kiota-http-okHttp v1.9.0, and similar Kiota libraries). The root cause is that when following 3xx redirects to a different host or scheme, only the Authorization header is removed; Cookie, Proxy-Auth...

7CVSS5.8AI score0.00505EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/05/07 1:49 a.m.8 views

NPM: Kiota abstractions RedirectHandler leaks Cookie/Proxy-Authorization headers on cross-host redirect

NPM: Kiota abstractions RedirectHandler leaks Cookie/Proxy-Authorization headers on cross-host redirect vulnerability discovered by ? in WordPress Npm kiota-typescript versions 1.0.0-preview.100...

7CVSS5.8AI score0.00505EPSS
Exploits0References3Affected Software1
vulnersOsv
vulnersOsv
added 2026/05/07 1:49 a.m.5 views

ai.pipestream:account-service (>=0.0.2 <=0.0.18), ai.pipestream:connector-admin-service (>=0.1.1 <=0.1.18) +133 more potentially affected by CVE-2026-44503 via com.microsoft.kiota:microsoft-kiota-abstractions (>=0.1.2 <=1.9.0)

com.microsoft.kiota:microsoft-kiota-abstractions MAVEN version =0.1.2, =0.0.2, =0.1.1, =0.2.7, =0.2.7, =0.2.7, =0.1.1, =0.2.7, =0.7.21, =0.7.21, =0.7.21, =0.1.7, =0.0.1, =0.7.23 and more Source cves: CVE-2026-44503 Source advisory: OSV:GHSA-7J59-V9QR-6FQ9...

7CVSS5.7AI score0.00505EPSS
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2022/06/20 8:19 p.m.2 views

Malicious code in kiota-abstractions (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 50c88af214da245e51d538b267c40095fd8d3cc845bb8760b92f6a839fe5dea0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
OSV
OSV
added 2022/06/20 8:19 p.m.6 views

MAL-2022-4172 Malicious code in kiota-abstractions (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 50c88af214da245e51d538b267c40095fd8d3cc845bb8760b92f6a839fe5dea0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
Rows per page
Query Builder