279 matches found
DEBIAN-CVE-2024-28849
follow-redirects is an open source, drop-in replacement for Node's http and https modules that automatically follows redirects. In affected versions follow-redirects only clears the authorization header during a cross-domain redirect, but keeps the proxy-authentication header, which contains credentials...
AZL-43861 CVE-2024-28849 affecting package js-jquery 3.5.0-4
follow-redirects is an open source, drop-in replacement for Node's http and https modules that automatically follows redirects. In affected versions follow-redirects only clears the authorization header during a cross-domain redirect, but keeps the proxy-authentication header, which contains credentials...
UBUNTU-CVE-2024-28849
follow-redirects is an open source, drop-in replacement for Node's http and https modules that automatically follows redirects. In affected versions follow-redirects only clears the authorization header during a cross-domain redirect, but keeps the proxy-authentication header, which contains credentials...
CVE-2024-28849
follow-redirects is an open source, drop-in replacement for Node's http and https modules that automatically follows redirects. In affected versions follow-redirects only clears the authorization header during a cross-domain redirect, but keeps the proxy-authentication header, which contains credentials...
Follow Redirects Information Disclosure Vulnerability
Follow Redirects is a Node.js module that automatically follows HTTPS redirects. An information disclosure vulnerability exists in versions of Follow Redirects prior to 1.15.6, which stems from the fact that follow-redirects only clears the authorization header during cross-domain redirects and...
PT-2024-2572
Name of the Vulnerable Software and Affected Versions: follow-redirects versions prior to 1.15.6. Description: The issue is related to insufficient protection of sensitive data in the follow-redirects module, which is a drop-in replacement for Node's http and https modules. This module automatically...
Proxy-Authentication Header Leakage
Undici is vulnerable to Proxy-Authentication header leakage. The vulnerability is due to not clearing Proxy-Authentication headers on cross-origin redirects. Attackers could potentially exploit this vulnerability to gain unauthorized access or obtain sensitive data transmitted via these headers,...
CVE-2024-24758
A sensitive information exposure vulnerability was found in undici. In this issue, it cleared Authorization headers on cross-origin redirects but did not clear the Proxy-Authentication headers...
SUSE CVE-2024-24758
Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici already cleared Authorization headers on cross-origin redirects, but did not clear Proxy-Authentication headers. This issue has been patched in versions 5.28.3 and 6.6.1. Users are advised to upgrade. There are no known...
DEBIAN-CVE-2024-24758
Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici already cleared Authorization headers on cross-origin redirects, but did not clear Proxy-Authentication headers. This issue has been patched in versions 5.28.3 and 6.6.1. Users are advised to upgrade. There are no known...
AZL-35045 CVE-2024-24758 affecting package nodejs for versions less than 20.14.0-1
Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici already cleared Authorization headers on cross-origin redirects, but did not clear Proxy-Authentication headers. This issue has been patched in versions 5.28.3 and 6.6.1. Users are advised to upgrade. There are no known...
UBUNTU-CVE-2024-24758
Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici already cleared Authorization headers on cross-origin redirects, but did not clear Proxy-Authentication headers. This issue has been patched in versions 5.28.3 and 6.6.1. Users are advised to upgrade. There are no known...
CVE-2024-24758 Proxy-Authorization header not cleared on cross-origin redirect in fetch in Undici
Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici already cleared Authorization headers on cross-origin redirects, but did not clear Proxy-Authentication headers. This issue has been patched in versions 5.28.3 and 6.6.1. Users are advised to upgrade. There are no known...
CVE-2024-24758
Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici already cleared Authorization headers on cross-origin redirects, but did not clear Proxy-Authentication headers. This issue has been patched in versions 5.28.3 and 6.6.1. Users are advised to upgrade. There are no known...
PT-2024-2689 · Node.js · Undici
Name of the Vulnerable Software and Affected Versions: Undici versions prior to 5.28.3; Undici versions prior to 6.6.1. Description: The issue is related to insufficient protection of service data due to incorrect clearing of Proxy-Authentication headers in the Undici HTTP/1.1 client for Node.js...
Fedora 37 : python-requests (2023-078e257f1c)
The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-078e257f1c advisory. - Security fix for CVE-2023-32681 - https://github.com/psf/requests/security/advisories/GHSA-j8r2-6x86-q33q Tenable has extracted the preceding description...
SUSE CVE-2005-0147
Firefox before 1.0 and Mozilla before 1.7.5, when configured to use a proxy, respond to 407 proxy auth requests from arbitrary servers, which allows remote attackers to steal NTLM or SPNEGO credentials...
SUSE CVE-2013-2503
Privoxy before 3.0.21 does not properly handle Proxy-Authenticate and Proxy-Authorization headers in the client-server data stream, which makes it easier for remote HTTP servers to spoof the intended proxy service via a 407 aka Proxy Authentication Required HTTP status code...
SUSE CVE-2014-8639
Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 do not properly interpret Set-Cookie headers within responses that have a 407 aka Proxy Authentication Required status code, which allows remote HTTP proxy servers to conduct session...
SUSE CVE-2015-1229
net/http/proxyclientsocket.cc in Google Chrome before 41.0.2272.76 does not properly handle a 407 aka Proxy Authentication Required HTTP status code accompanied by a Set-Cookie header, which allows remote proxy servers to conduct cookie-injection attacks via a crafted response...