Lucene search
K

534 matches found

Veracode
Veracode
added 2026/04/04 5:32 a.m.15 views

AIOHTTP Leaks Cookie And Proxy-Authorization Headers On Cross-origin Redirect

Summary When following redirects to a different origin, aiohttp drops the Authorization header, but retains the Cookie and Proxy-Authorization headers. Impact The Cookie and Proxy-Authorizations headers could contain sensitive information which may be leaked to an unintended party after following...

6.9CVSS5.8AI score0.00337EPSS
Exploits0Affected Software1
SUSE CVE
SUSE CVE
added 2026/04/02 11:26 p.m.5 views

SUSE CVE-2026-34518

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, when following redirects to a different origin, aiohttp drops the Authorization header, but retains the Cookie and Proxy-Authorization headers. This issue has been patched in version 3.13.4...

5.3CVSS5.7AI score0.00337EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/04/01 11:1 p.m.5 views

CVE-2026-34518

A flaw was found in AIOHTTP, an asynchronous HTTP client/server framework for asyncio and Python. When AIOHTTP follows redirects to a different origin, it incorrectly retains sensitive Cookie and Proxy-Authorization headers. This oversight could lead to information disclosure, where these headers...

6.9CVSS5.8AI score0.00337EPSS
Exploits0References6
Snyk
Snyk
added 2026/04/01 9:47 p.m.3 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure in the handling of cross-origin redirects, where Cookie and Proxy-Authorization headers are not properly removed. An attacker can obtain sensitive information by causing a user to follow a redirect to a malicious...

6.9CVSS5.9AI score0.00337EPSS
Exploits0References2
OSV
OSV
added 2026/04/01 9:47 p.m.3 views

GHSA-966J-VMVW-G2G9 AIOHTTP leaks Cookie and Proxy-Authorization headers on cross-origin redirect

Summary When following redirects to a different origin, aiohttp drops the Authorization header, but retains the Cookie and Proxy-Authorization headers. Impact The Cookie and Proxy-Authorizations headers could contain sensitive information which may be leaked to an unintended party after following...

6.9CVSS5.8AI score0.00337EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/04/01 9:47 p.m.7 views

AIOHTTP leaks Cookie and Proxy-Authorization headers on cross-origin redirect

Summary When following redirects to a different origin, aiohttp drops the Authorization header, but retains the Cookie and Proxy-Authorization headers. Impact The Cookie and Proxy-Authorizations headers could contain sensitive information which may be leaked to an unintended party after following...

6.9CVSS5.8AI score0.00337EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2026/04/01 9:17 p.m.5 views

CVE-2026-34518

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, when following redirects to a different origin, aiohttp drops the Authorization header, but retains the Cookie and Proxy-Authorization headers. This issue has been patched in version 3.13.4...

6.9CVSS0.00337EPSS
Exploits0References3
OSV
OSV
added 2026/04/01 9:17 p.m.5 views

UBUNTU-CVE-2026-34518

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, when following redirects to a different origin, aiohttp drops the Authorization header, but retains the Cookie and Proxy-Authorization headers. This issue has been patched in version 3.13.4...

6.9CVSS5.7AI score0.00337EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/04/01 8:15 p.m.2 views

CVE-2026-34518 AIOHTTP: Cookie and Proxy-Authorization headers leaked on cross-origin redirect

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, when following redirects to a different origin, aiohttp drops the Authorization header, but retains the Cookie and Proxy-Authorization headers. This issue has been patched in version 3.13.4...

6.9CVSS5.8AI score0.00337EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/01 8:15 p.m.23 views

CVE-2026-34518 AIOHTTP: Cookie and Proxy-Authorization headers leaked on cross-origin redirect

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, when following redirects to a different origin, aiohttp drops the Authorization header, but retains the Cookie and Proxy-Authorization headers. This issue has been patched in version 3.13.4...

6.9CVSS0.00337EPSS
Exploits0References3
CVE
CVE
added 2026/04/01 8:15 p.m.41 views

CVE-2026-34518

CVE-2026-34518 affects aiohttp prior to 3.13.4: during cross-origin redirects, the client/server framework drops the Authorization header but keeps Cookie and Proxy-Authorization headers. This could expose sensitive cookie-related data across origins. The issue is fixed in aiohttp 3.13.4.

6.9CVSS5.8AI score0.00337EPSS
Exploits0References3Affected Software1
AlpineLinux
AlpineLinux
added 2026/04/01 8:15 p.m.4 views

CVE-2026-34518

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, when following redirects to a different origin, aiohttp drops the Authorization header, but retains the Cookie and Proxy-Authorization headers. This issue has been patched in version 3.13.4...

6.9CVSS5.3AI score0.00337EPSS
Exploits0
CNNVD
CNNVD
added 2026/04/01 12:0 a.m.7 views

aiohttp 信息泄露漏洞

aiohttp is an open-source framework developed by aio-libs, used for asynchronous HTTP client/server interactions with asyncio and Python. Prior to version 3.13.4 of aiohttp, there was an information leakage vulnerability. This vulnerability occurred when aiohttp discarded the Authorization header...

6.9CVSS5.8AI score0.00337EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/03/30 12:0 a.m.13 views

Fedora 44 : libsoup3 (2026-55dabf3975)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-55dabf3975 advisory. Add patch for CVE-2026-1539 Also remove Proxy-Authorization header on cross origin redirect Tenable has extracted the preceding description block directly fr...

5.8CVSS6AI score0.00237EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2026/03/23 12:0 a.m.7 views

Fedora: Security Advisory (FEDORA-2026-f029d04054)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.8CVSS5.8AI score0.00237EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/03/20 12:0 a.m.5 views

Fedora 45 : libsoup3 (2026-6fb683df94)

The remote Fedora 45 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-6fb683df94 advisory. Automatic update for libsoup3-3.6.6-6.fc45. Changelog Thu Mar 19 2026 Milan Crha - 3.6.6-6 - Add patch for CVE-2026-1539 Also remove Proxy-Authorization head...

5.8CVSS5.8AI score0.00237EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/03/20 12:0 a.m.15 views

Fedora 43 : libsoup3 (2026-f029d04054)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-f029d04054 advisory. Add patch for CVE-2026-1539 Also remove Proxy-Authorization header on cross origin redirect Tenable has extracted the preceding description block directly fr...

5.8CVSS5.8AI score0.00237EPSS
Exploits0References2
OSV
OSV
added 2026/03/18 10:1 a.m.4 views

OPENSUSE-SU-2026:20384-1 Security update for libsoup

This update for libsoup fixes the following issues: Update to libsoup 3.6.6: - CVE-2025-12105: heap use-after-free in message queue handling during HTTP/2 read completion bsc1252555. - CVE-2025-14523: Duplicate Host Header Handling Causes Host-Parsing Discrepancy bsc1254876. - CVE-2025-32049:...

9.1CVSS7AI score0.00764EPSS
Exploits2References18
Tenable Nessus
Tenable Nessus
added 2026/03/18 12:0 a.m.4 views

RockyLinux 8 : python27:2.7 (RLSA-2023:7042)

The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2023:7042 advisory. python-requests: Unintended leak of Proxy-Authorization header CVE-2023-32681 Tenable has extracted the preceding description block directly from the RockyLinux...

6.1CVSS6.8AI score0.02782EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/03/17 12:0 a.m.7 views

MiracleLinux 9 : fence-agents-4.10.0-98.el9_7.10 (AXBA:2026-317:06)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXBA:2026-317:06 advisory. - urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with ProxyManager, the Proxy-Authorization header is...

8.9CVSS6.9AI score0.02667EPSS
Exploits1References5
Rows per page
Query Builder