6 matches found
CVE-2026-44503 Kiota abstractions RedirectHandler leaks Cookie/Proxy-Authorization headers on cross-host redirect
The RedirectHandler middleware in microsoft/kiota-java com.microsoft.kiota:microsoft-kiota-http-okHttp v1.9.0 and other Kiota libraries fails to strip sensitive HTTP headers when following 3xx redirects to a different host or scheme. Only the Authorization header is removed; Cookie,...
CVE-2026-44503
CVE-2026-44503 affects the RedirectHandler in microsoft/kiota-java (com.microsoft.kiota:microsoft-kiota-http-okHttp v1.9.0, and similar Kiota libraries). The root cause is that when following 3xx redirects to a different host or scheme, only the Authorization header is removed; Cookie, Proxy-Auth...
NPM: Kiota abstractions RedirectHandler leaks Cookie/Proxy-Authorization headers on cross-host redirect
NPM: Kiota abstractions RedirectHandler leaks Cookie/Proxy-Authorization headers on cross-host redirect vulnerability discovered by ? in WordPress Npm kiota-typescript versions 1.0.0-preview.100...
ai.pipestream:account-service (>=0.0.2 <=0.0.18), ai.pipestream:connector-admin-service (>=0.1.1 <=0.1.18) +133 more potentially affected by CVE-2026-44503 via com.microsoft.kiota:microsoft-kiota-abstractions (>=0.1.2 <=1.9.0)
com.microsoft.kiota:microsoft-kiota-abstractions MAVEN version =0.1.2, =0.0.2, =0.1.1, =0.2.7, =0.2.7, =0.2.7, =0.1.1, =0.2.7, =0.7.21, =0.7.21, =0.7.21, =0.1.7, =0.0.1, =0.7.23 and more Source cves: CVE-2026-44503 Source advisory: OSV:GHSA-7J59-V9QR-6FQ9...
Malicious code in kiota-abstractions (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 50c88af214da245e51d538b267c40095fd8d3cc845bb8760b92f6a839fe5dea0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-4172 Malicious code in kiota-abstractions (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 50c88af214da245e51d538b267c40095fd8d3cc845bb8760b92f6a839fe5dea0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...