
175 matches found

OSV
added 2026/05/07 1:49 a.m., 5 views

GHSA-7J59-V9QR-6FQ9 Kiota abstractions RedirectHandler leaks Cookie/Proxy-Authorization headers on cross-host redirect

Summary The RedirectHandler middleware in microsoft/kiota-java com.microsoft.kiota:microsoft-kiota-http-okHttp v1.9.0 and other Kiota libraries fails to strip sensitive HTTP headers when following 3xx redirects to a different host or scheme. This vulnerability is present in the RedirectHandlers...

CVSS 7, AI score 5.9, EPSS 0.00505
Exploits 0, References 3

Tenable Nessus
added 2026/05/07 12:0 a.m., 11 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-pip (UTSA-2026-016506)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016506 advisory. Requests is a HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint...

CVSS 6.1, AI score 6.5, EPSS 0.02782
Exploits 1, References 4

Positive Technologies
added 2026/04/29 12:0 a.m., 7 views

PT-2026-35898

Name of the Vulnerable Software and Affected Versions curl affected versions not specified Description When using libcurl to perform a transfer over a specific HTTP proxy proxyA with Digest authentication and subsequently changing the proxy host to a second one proxyB while reusing the same handl...

CVSS 5.3, AI score 5.2, EPSS 0.00471
Exploits 1, References 38

Tenable Nessus
added 2026/04/23 12:0 a.m., 6 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: libsoup (UTSA-2026-014297)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-014297 advisory. A flaw was found in the libsoup HTTP library that can cause proxy authentication credentials to be sent to unintended destinations. When handling HTTP redirects,...

CVSS 5.8, AI score 5.5, EPSS 0.00237
Exploits 0, References 4

EUVD
added 2026/04/18 1:31 a.m., 8 views

EUVD-2026-23638

The AsyncHttpClient AHC library allows Java applications to easily execute HTTP requests and asynchronously process HTTP responses. When redirect following is enabled followRedirecttrue, versions of AsyncHttpClient prior to 3.0.9 and 2.14.5 forward Authorization and Proxy-Authorization headers...

CVSS 6.8, AI score 6, EPSS 0.00326
Exploits 0, References 5

Positive Technologies
added 2026/04/14 12:0 a.m., 9 views

PT-2026-33219

The AsyncHttpClient AHC library allows Java applications to easily execute HTTP requests and asynchronously process HTTP responses. When redirect following is enabled followRedirecttrue, versions of AsyncHttpClient prior to 3.0.9 and 2.14.5 forward Authorization and Proxy-Authorization headers...

CVSS 6.8, AI score 6, EPSS 0.00326
Exploits 0, References 10

Veracode
added 2026/04/04 5:32 a.m., 15 views

AIOHTTP Leaks Cookie And Proxy-Authorization Headers On Cross-origin Redirect

Summary When following redirects to a different origin, aiohttp drops the Authorization header, but retains the Cookie and Proxy-Authorization headers. Impact The Cookie and Proxy-Authorizations headers could contain sensitive information which may be leaked to an unintended party after following...

CVSS 6.9, AI score 5.8, EPSS 0.00337
Exploits 0, Affected Software 1

SUSE CVE
added 2026/04/02 11:26 p.m., 6 views

SUSE CVE-2026-34518

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, when following redirects to a different origin, aiohttp drops the Authorization header, but retains the Cookie and Proxy-Authorization headers. This issue has been patched in version 3.13.4...

CVSS 5.3, AI score 5.7, EPSS 0.00337
Exploits 0, References 4

Snyk
added 2026/04/01 9:47 p.m., 4 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure in the handling of cross-origin redirects, where Cookie and Proxy-Authorization headers are not properly removed. An attacker can obtain sensitive information by causing a user to follow a redirect to a malicious...

CVSS 6.9, AI score 5.9, EPSS 0.00337
Exploits 0, References 2

OSV
added 2026/04/01 9:47 p.m., 3 views

GHSA-966J-VMVW-G2G9 AIOHTTP leaks Cookie and Proxy-Authorization headers on cross-origin redirect

Summary When following redirects to a different origin, aiohttp drops the Authorization header, but retains the Cookie and Proxy-Authorization headers. Impact The Cookie and Proxy-Authorizations headers could contain sensitive information which may be leaked to an unintended party after following...

CVSS 6.9, AI score 5.8, EPSS 0.00337
Exploits 0, References 5

GitHub Security Blog
added 2026/04/01 9:47 p.m., 7 views

AIOHTTP leaks Cookie and Proxy-Authorization headers on cross-origin redirect

Summary When following redirects to a different origin, aiohttp drops the Authorization header, but retains the Cookie and Proxy-Authorization headers. Impact The Cookie and Proxy-Authorizations headers could contain sensitive information which may be leaked to an unintended party after following...

CVSS 6.9, AI score 5.8, EPSS 0.00337
Exploits 0, References 5, Affected Software 1

Tenable Nessus
added 2026/03/30 12:0 a.m., 13 views

Fedora 44 : libsoup3 (2026-55dabf3975)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-55dabf3975 advisory. Add patch for CVE-2026-1539 Also remove Proxy-Authorization header on cross origin redirect Tenable has extracted the preceding description block directly fr...

CVSS 5.8, AI score 6, EPSS 0.00237
Exploits 0, References 2

OpenVAS
added 2026/03/23 12:0 a.m., 7 views

Fedora: Security Advisory (FEDORA-2026-f029d04054)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5.8, AI score 5.8, EPSS 0.00237
Exploits 0, References 3

Tenable Nessus
added 2026/03/20 12:0 a.m., 15 views

Fedora 43 : libsoup3 (2026-f029d04054)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-f029d04054 advisory. Add patch for CVE-2026-1539 Also remove Proxy-Authorization header on cross origin redirect Tenable has extracted the preceding description block directly fr...

CVSS 5.8, AI score 5.8, EPSS 0.00237
Exploits 0, References 2

Tenable Nessus
added 2026/03/20 12:0 a.m., 5 views

Fedora 45 : libsoup3 (2026-6fb683df94)

The remote Fedora 45 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-6fb683df94 advisory. Automatic update for libsoup3-3.6.6-6.fc45. Changelog Thu Mar 19 2026 Milan Crha - 3.6.6-6 - Add patch for CVE-2026-1539 Also remove Proxy-Authorization head...

CVSS 5.8, AI score 5.8, EPSS 0.00237
Exploits 0, References 2

Tenable Nessus
added 2026/03/17 12:0 a.m., 7 views

MiracleLinux 9 : fence-agents-4.10.0-98.el9_7.10 (AXBA:2026-317:06)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXBA:2026-317:06 advisory. - urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with ProxyManager, the Proxy-Authorization header is...

CVSS 8.9, AI score 6.9, EPSS 0.02667
Exploits 1, References 5

Tenable Nessus
added 2026/03/06 12:0 a.m., 3 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : libsoup2 (SUSE-SU-2026:0811-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0811-1 advisory. - CVE-2026-1467: lack of input sanitization can lead to unintended or unauthorized HTTP requests...

CVSS 5.8, AI score 6.1, EPSS 0.00423
Exploits 1, References 10

Ubuntu
added 2026/02/08 11:40 p.m., 7 views

USN-8020-1: libsoup vulnerabilities

It was discovered that libsoup did not correctly handle certain URL-decoded input, which could allow for HTTP header injection. A remote attacker could possibly use this issue to cause a denial of service or execute arbitrary code. CVE-2026-1467, CVE-2026-1536 It was discovered that libsoup did n...

CVSS 5.8, AI score 6, EPSS 0.00312
Exploits 2

UbuntuCve
added 2026/01/28 4:16 p.m., 6 views

CVE-2026-1539

A flaw was found in the libsoup HTTP library that can cause proxy authentication credentials to be sent to unintended destinations. When handling HTTP redirects, libsoup removes the Authorization header but does not remove the Proxy-Authorization header if the request is redirected to a different...

CVSS 5.8, AI score 6, EPSS 0.00237
Exploits 0, References 3

OSV
added 2026/01/28 4:16 p.m., 1 view

UBUNTU-CVE-2026-1539

A flaw was found in the libsoup HTTP library that can cause proxy authentication credentials to be sent to unintended destinations. When handling HTTP redirects, libsoup removes the Authorization header but does not remove the Proxy-Authorization header if the request is redirected to a different...

CVSS 5.8, AI score 5.9, EPSS 0.00237
Exploits 0, References 4