CVE-2026-1539 Libsoup: libsoup: credential leakage via http redirects

A flaw was found in the libsoup HTTP library that can cause proxy authentication credentials to be sent to unintended destinations. When handling HTTP redirects, libsoup removes the Authorization header but does not remove the Proxy-Authorization header if the request is redirected to a different...

Azure Linux 3.0 Security Update: nodejs (CVE-2024-24758)

The version of nodejs installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-24758 advisory. - Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici already cleared Authorization headers...

Astra Linux - уязвимость в node-undici

Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici already cleared Authorization headers on cross-origin redirects, but did not clear Proxy-Authentication headers. This issue has been patched in versions 5.28.3 and 6.6.1. Users are advised to upgrade. There are no known...

The vulnerability in the HTTP/1.1 client of the Node.js software platform arises from insufficient protection of service data due to improper cleaning of Proxy-Authentication headers. This allows attackers to enhance their privileges.

The vulnerability of the HTTP/1.1 Undici software platform for Node.js is related to insufficient protection of service data due to improper cleaning of Proxy-Authentication headers. Exploiting this vulnerability can allow a remote attacker to increase their privileges...

DEBIAN-CVE-2024-28849

follow-redirects is an open source, drop-in replacement for Node's http and https modules that automatically follows redirects. In affected versions follow-redirects only clears authorization header during cross-domain redirect, but keep the proxy-authentication header which contains credentials...

UBUNTU-CVE-2024-28849

follow-redirects is an open source, drop-in replacement for Node's http and https modules that automatically follows redirects. In affected versions follow-redirects only clears authorization header during cross-domain redirect, but keep the proxy-authentication header which contains credentials...

CVE-2024-28849

follow-redirects is an open source, drop-in replacement for Node's http and https modules that automatically follows redirects. In affected versions follow-redirects only clears authorization header during cross-domain redirect, but keep the proxy-authentication header which contains credentials...

Follow Redirects Information Disclosure Vulnerability

Follow Redirects is a Node.js module that automatically follows Https redirects. An information disclosure vulnerability exists in versions of Follow Redirects prior to 1.15.6, which stems from the fact that follow-redirects only clears the authorization header during cross-domain redirects and...

PT-2024-2572

Name of the Vulnerable Software and Affected Versions follow-redirects versions prior to 1.15.6 Description The issue is related to insufficient protection of sensitive data in the follow-redirects module, which is a drop-in replacement for Node's http and https modules. This module automatically...

DEBIAN-CVE-2013-2503

Privoxy before 3.0.21 does not properly handle Proxy-Authenticate and Proxy-Authorization headers in the client-server data stream, which makes it easier for remote HTTP servers to spoof the intended proxy service via a 407 aka Proxy Authentication Required HTTP status code...