534 matches found
OESA-2025-1766 etcd security update
%expand: Security Fixes: Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information.CVE-2025-4673...
Medium: oci-add-hooks
Issue Overview: Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information. CVE-2025-4673 Affected Packages: oci-add-hooks Note: This advisory is applicable to Amazon Linux 2 - Nitro-enclaves Extra. Visit this page to learn mor...
Medium: oci-add-hooks
Issue Overview: Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information. CVE-2025-4673 Affected Packages: oci-add-hooks Note: This advisory is applicable to Amazon Linux 2 - Docker Extra. Visit this page to learn more about...
net/http: Sensitive headers not cleared on cross-origin redirect in net/http
A flaw was found in net/http. Handling Proxy-Authorization and Proxy-Authenticate headers during cross-origin redirects allows these headers to be inadvertently forwarded, potentially exposing sensitive authentication credentials. This flaw allows a network-based attacker to manipulate redirect...
net/http: Sensitive headers not cleared on cross-origin redirect in net/http
A flaw was found in net/http. Handling Proxy-Authorization and Proxy-Authenticate headers during cross-origin redirects allows these headers to be inadvertently forwarded, potentially exposing sensitive authentication credentials. This flaw allows a network-based attacker to manipulate redirect...
net/http: Sensitive headers not cleared on cross-origin redirect in net/http
A flaw was found in net/http. Handling Proxy-Authorization and Proxy-Authenticate headers during cross-origin redirects allows these headers to be inadvertently forwarded, potentially exposing sensitive authentication credentials. This flaw allows a network-based attacker to manipulate redirect...
OESA-2025-1742 golang security update
. Security Fixes: Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information.CVE-2025-4673...
Astra Linux – Vulnerability in requests
Requests is an HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. This issue arises due to the way we use rebuildproxies to reattach the Proxy-Authorization header to requests. For HTTP connections...
TencentOS Server 3: python-requests (TSSA-2023:0244)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2023:0244 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...
TencentOS Server 4: python-requests (TSSA-2025:0161)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0161 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
TencentOS Server 3: python3.12-urllib3 (TSSA-2024:0793)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0793 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...
Mageia: Security Advisory (MGASA-2025-0184)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
DEBIAN-CVE-2025-4673
Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information...
AZL-63725 CVE-2025-4673 affecting package golang for versions less than 1.22.7-5
Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information...
CVE-2025-4673 Sensitive headers not cleared on cross-origin redirect in net/http
Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information...
CVE-2025-4673
Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information...
Updated golang packages fix security vulnerabilities
Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information. CVE-2025-4673. os: inconsistent handling of OCREATE|OEXCL on Unix and Windows os.OpenFilepath, os.OCREATE|OEXCL behaved differently on Unix and Windows systems when th...
NewStart CGSL MAIN 7.02 : python-urllib3 Vulnerability (NS-SA-2025-0073)
The remote NewStart CGSL host, running version MAIN 7.02, has python-urllib3 packages installed that are affected by a vulnerability: - urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with ProxyManager, the Proxy-Authorization header is only sent to t...
SUSE CVE-2025-4673
Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information...
curl: Failure to strip Proxy-Authorization header on change in origin
Summary: Failure to strip Proxy-Authorization header on change in origin. AI was not used. I maintain the PHP Guzzle HTTP package which uses curl, and noticed we have the same issue as curl in this regard. I was made aware of this issue when golang patched something similar a few hours ago:...