175 matches found
GHSA-7J59-V9QR-6FQ9 Kiota abstractions RedirectHandler leaks Cookie/Proxy-Authorization headers on cross-host redirect
Summary: The RedirectHandler middleware in microsoft/kiota-java (com.microsoft.kiota:microsoft-kiota-http-okHttp v1.9.0) and other Kiota libraries fails to strip sensitive HTTP headers when following 3xx redirects to a different host or scheme. This vulnerability is present in the RedirectHandlers...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-pip (UTSA-2026-016506)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016506 advisory. Requests is a HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint...
PT-2026-35898
Name of the Vulnerable Software and Affected Versions: curl (affected versions not specified). Description: When using libcurl to perform a transfer over a specific HTTP proxy (proxyA) with Digest authentication and subsequently changing the proxy host to a second one (proxyB) while reusing the same handl...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: libsoup (UTSA-2026-014297)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-014297 advisory. A flaw was found in the libsoup HTTP library that can cause proxy authentication credentials to be sent to unintended destinations. When handling HTTP redirects,...
EUVD-2026-23638
The AsyncHttpClient (AHC) library allows Java applications to easily execute HTTP requests and asynchronously process HTTP responses. When redirect following is enabled (followRedirect(true)), versions of AsyncHttpClient prior to 3.0.9 and 2.14.5 forward Authorization and Proxy-Authorization headers...
PT-2026-33219
The AsyncHttpClient (AHC) library allows Java applications to easily execute HTTP requests and asynchronously process HTTP responses. When redirect following is enabled (followRedirect(true)), versions of AsyncHttpClient prior to 3.0.9 and 2.14.5 forward Authorization and Proxy-Authorization headers...
AIOHTTP Leaks Cookie And Proxy-Authorization Headers On Cross-origin Redirect
Summary: When following redirects to a different origin, aiohttp drops the Authorization header, but retains the Cookie and Proxy-Authorization headers. Impact: The Cookie and Proxy-Authorization headers could contain sensitive information which may be leaked to an unintended party after following...
SUSE CVE-2026-34518
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, when following redirects to a different origin, aiohttp drops the Authorization header, but retains the Cookie and Proxy-Authorization headers. This issue has been patched in version 3.13.4...
Information Exposure
Overview: Affected versions of this package are vulnerable to Information Exposure in the handling of cross-origin redirects, where Cookie and Proxy-Authorization headers are not properly removed. An attacker can obtain sensitive information by causing a user to follow a redirect to a malicious...
GHSA-966J-VMVW-G2G9 AIOHTTP leaks Cookie and Proxy-Authorization headers on cross-origin redirect
Summary: When following redirects to a different origin, aiohttp drops the Authorization header, but retains the Cookie and Proxy-Authorization headers. Impact: The Cookie and Proxy-Authorization headers could contain sensitive information which may be leaked to an unintended party after following...
AIOHTTP leaks Cookie and Proxy-Authorization headers on cross-origin redirect
Summary: When following redirects to a different origin, aiohttp drops the Authorization header, but retains the Cookie and Proxy-Authorization headers. Impact: The Cookie and Proxy-Authorization headers could contain sensitive information which may be leaked to an unintended party after following...
Fedora 44 : libsoup3 (2026-55dabf3975)
The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-55dabf3975 advisory. Add patch for CVE-2026-1539 Also remove Proxy-Authorization header on cross origin redirect Tenable has extracted the preceding description block directly fr...
Fedora: Security Advisory (FEDORA-2026-f029d04054)
The remote host is missing an update for the...
Fedora 43 : libsoup3 (2026-f029d04054)
The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-f029d04054 advisory. Add patch for CVE-2026-1539 Also remove Proxy-Authorization header on cross origin redirect Tenable has extracted the preceding description block directly fr...
Fedora 45 : libsoup3 (2026-6fb683df94)
The remote Fedora 45 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-6fb683df94 advisory. Automatic update for libsoup3-3.6.6-6.fc45. Changelog Thu Mar 19 2026 Milan Crha - 3.6.6-6 - Add patch for CVE-2026-1539 Also remove Proxy-Authorization head...
MiracleLinux 9 : fence-agents-4.10.0-98.el9_7.10 (AXBA:2026-317:06)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXBA:2026-317:06 advisory. - urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with ProxyManager, the Proxy-Authorization header is...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : libsoup2 (SUSE-SU-2026:0811-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0811-1 advisory. - CVE-2026-1467: lack of input sanitization can lead to unintended or unauthorized HTTP requests...
USN-8020-1: libsoup vulnerabilities
It was discovered that libsoup did not correctly handle certain URL-decoded input, which could allow for HTTP header injection. A remote attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2026-1467, CVE-2026-1536) It was discovered that libsoup did n...
CVE-2026-1539
A flaw was found in the libsoup HTTP library that can cause proxy authentication credentials to be sent to unintended destinations. When handling HTTP redirects, libsoup removes the Authorization header but does not remove the Proxy-Authorization header if the request is redirected to a different...
UBUNTU-CVE-2026-1539
A flaw was found in the libsoup HTTP library that can cause proxy authentication credentials to be sent to unintended destinations. When handling HTTP redirects, libsoup removes the Authorization header but does not remove the Proxy-Authorization header if the request is redirected to a different...