
534 matches found

OSV
added 2025/07/11 12:18 p.m. | 3 views

OESA-2025-1766 etcd security update

Security Fixes: Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information. CVE-2025-4673...

CVSS 6.8 | AI score 7 | EPSS 0.0056
Exploits: 0 | References: 2

Amazon
added 2025/07/10 12:0 a.m. | 5 views

Medium: oci-add-hooks

Issue Overview: Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information. CVE-2025-4673 Affected Packages: oci-add-hooks Note: This advisory is applicable to Amazon Linux 2 - Nitro-enclaves Extra. Visit this page to learn mor...

CVSS 6.8 | AI score 7 | EPSS 0.0056
Exploits: 0

Amazon
added 2025/07/10 12:0 a.m. | 6 views

Medium: oci-add-hooks

Issue Overview: Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information. CVE-2025-4673 Affected Packages: oci-add-hooks Note: This advisory is applicable to Amazon Linux 2 - Docker Extra. Visit this page to learn more about...

CVSS 6.8 | AI score 7 | EPSS 0.0056
Exploits: 0

RedHat Linux
added 2025/07/09 12:58 a.m. | 2 views

net/http: Sensitive headers not cleared on cross-origin redirect in net/http

A flaw was found in net/http. Handling Proxy-Authorization and Proxy-Authenticate headers during cross-origin redirects allows these headers to be inadvertently forwarded, potentially exposing sensitive authentication credentials. This flaw allows a network-based attacker to manipulate redirect...

CVSS 6.8 | AI score 7.2 | EPSS 0.0056
Exploits: 0 | References: 8

RedHat Linux
added 2025/07/09 12:58 a.m. | 3 views

net/http: Sensitive headers not cleared on cross-origin redirect in net/http

A flaw was found in net/http. Handling Proxy-Authorization and Proxy-Authenticate headers during cross-origin redirects allows these headers to be inadvertently forwarded, potentially exposing sensitive authentication credentials. This flaw allows a network-based attacker to manipulate redirect...

CVSS 6.8 | AI score 7.2 | EPSS 0.0056
Exploits: 0 | References: 8

RedHat Linux
added 2025/07/09 12:55 a.m. | 4 views

net/http: Sensitive headers not cleared on cross-origin redirect in net/http

A flaw was found in net/http. Handling Proxy-Authorization and Proxy-Authenticate headers during cross-origin redirects allows these headers to be inadvertently forwarded, potentially exposing sensitive authentication credentials. This flaw allows a network-based attacker to manipulate redirect...

CVSS 6.8 | AI score 7.2 | EPSS 0.0056
Exploits: 0 | References: 8

OSV
added 2025/07/04 2:43 p.m. | 6 views

OESA-2025-1742 golang security update

Security Fixes: Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information. CVE-2025-4673...

CVSS 6.8 | AI score 7 | EPSS 0.0056
Exploits: 0 | References: 2

AstraLinux
added 2025/06/16 11:28 a.m. | 3 views

Astra Linux – Vulnerability in requests

Requests is an HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. This issue arises due to the way we use rebuild_proxies to reattach the Proxy-Authorization header to requests. For HTTP connections...

CVSS 6.1 | AI score 6.2 | EPSS 0.02782
Exploits: 1 | References: 3

Tenable Nessus
added 2025/06/16 12:0 a.m. | 4 views

TencentOS Server 3: python-requests (TSSA-2023:0244)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2023:0244 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

CVSS 6.1 | AI score 7.1 | EPSS 0.02782
Exploits: 1 | References: 2

Tenable Nessus
added 2025/06/16 12:0 a.m. | 15 views

TencentOS Server 4: python-requests (TSSA-2025:0161)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0161 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

CVSS 6.1 | AI score 7.1 | EPSS 0.02782
Exploits: 1 | References: 2

Tenable Nessus
added 2025/06/16 12:0 a.m. | 3 views

TencentOS Server 3: python3.12-urllib3 (TSSA-2024:0793)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0793 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

CVSS 6.5 | AI score 6.8 | EPSS 0.01141
Exploits: 1 | References: 2

OpenVAS
added 2025/06/12 12:0 a.m. | 7 views

Mageia: Security Advisory (MGASA-2025-0184)

The remote host is missing an update for the...

CVSS 7.5 | AI score 7.5 | EPSS 0.0056
Exploits: 0 | References: 4

OSV
added 2025/06/11 5:15 p.m. | 2 views

DEBIAN-CVE-2025-4673

Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information...

CVSS 6.8 | AI score 6.3 | EPSS 0.0056
Exploits: 0 | References: 1

OSV
added 2025/06/11 5:15 p.m. | 5 views

AZL-63725 CVE-2025-4673 affecting package golang for versions less than 1.22.7-5

Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information...

CVSS 6.8 | AI score 6.7 | EPSS 0.0056
Exploits: 0 | References: 1

Cvelist
added 2025/06/11 4:42 p.m. | 32 views

CVE-2025-4673 Sensitive headers not cleared on cross-origin redirect in net/http

Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information...

EPSS 0.0056
Exploits: 0 | References: 4

Debian CVE
added 2025/06/11 4:42 p.m. | 10 views

CVE-2025-4673

Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information...

CVSS 6.8 | AI score 6.2 | EPSS 0.0056
Exploits: 0

Mageia
added 2025/06/09 6:14 p.m. | 22 views

Updated golang packages fix security vulnerabilities

Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information. CVE-2025-4673. os: inconsistent handling of O_CREATE|O_EXCL on Unix and Windows: os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and Windows systems when th...

CVSS 7.5 | AI score 6.7 | EPSS 0.0056
Exploits: 0 | References: 2

Tenable Nessus
added 2025/06/09 12:0 a.m. | 8 views

NewStart CGSL MAIN 7.02 : python-urllib3 Vulnerability (NS-SA-2025-0073)

The remote NewStart CGSL host, running version MAIN 7.02, has python-urllib3 packages installed that are affected by a vulnerability: - urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with ProxyManager, the Proxy-Authorization header is only sent to t...

CVSS 6.5 | AI score 6.7 | EPSS 0.01141
Exploits: 1 | References: 3

SUSE CVE
added 2025/06/06 2:25 a.m. | 5 views

SUSE CVE-2025-4673

Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information...

CVSS 6.8 | AI score 7 | EPSS 0.0056
Exploits: 0 | References: 11

Hacker One
added 2025/06/06 1:26 a.m. | 9 views

curl: Failure to strip Proxy-Authorization header on change in origin

Summary: Failure to strip Proxy-Authorization header on change in origin. AI was not used. I maintain the PHP Guzzle HTTP package which uses curl, and noticed we have the same issue as curl in this regard. I was made aware of this issue when golang patched something similar a few hours ago:...

CVSS 6.8 | AI score 8.6 | EPSS 0.0056
Exploits: 0