175 matches found
CVE-2026-1539 Libsoup: libsoup: credential leakage via http redirects
A flaw was found in the libsoup HTTP library that can cause proxy authentication credentials to be sent to unintended destinations. When handling HTTP redirects, libsoup removes the Authorization header but does not remove the Proxy-Authorization header if the request is redirected to a different...
CVE-2026-1539
The connected IBM ACE bulletin confirms CVE-2026-1539 is a libsoup HTTP library issue: during HTTP redirects, the library removes the Authorization header but may fail to remove Proxy-Authorization when redirecting to a different host, potentially leaking proxy credentials to third-party servers....
CVE-2026-1539
A flaw was found in the libsoup HTTP library that can cause proxy authentication credentials to be sent to unintended destinations. When handling HTTP redirects, libsoup removes the Authorization header but does not remove the Proxy-Authorization header if the request is redirected to a different...
libsoup security vulnerabilities
Libsoup is the GNOME project’s HTTP client/server library. Libsoup has a security vulnerability that stems from failing to remove the Proxy-Authorization header when handling HTTP redirection, which may lead to the exposure of proxy credentials...
Medium: python3-urllib3
Issue Overview: urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with ProxyManager, the Proxy-Authorization header is only sent to the configured proxy, as expected. However, when sending HTTP requests without using urllib3's proxy support, it's possib...
MiracleLinux 7 : python-pip-9.0.3-8.0.1.el7.AXS7 (AXSA:2024-8982:05)
The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2024-8982:05 advisory. CVE-2024-37891: strip Proxy-Authorization header on redirects CVEs: CVE-2024-37891 urllib3 is a user-friendly HTTP client library for Python. When using...
MiracleLinux 9 : python3.12-urllib3-1.26.18-2.el9.1 (AXSA:2024-9270:02)
The remote MiracleLinux 9 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2024-9270:02 advisory. urllib3: proxy-authorization request header is not stripped during cross-origin redirects CVE-2024-37891 Tenable has extracted the preceding description bloc...
MiracleLinux 9 : python-requests-2.25.1-7.el9 (AXSA:2023-6284:01)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-6284:01 advisory. python-requests: Unintended leak of Proxy-Authorization header CVE-2023-32681 Tenable has extracted the preceding description block directly from the...
MiracleLinux 9 : python3.11-urllib3-1.26.12-2.el9.1 (AXSA:2024-9170:04)
The remote MiracleLinux 9 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2024-9170:04 advisory. urllib3: proxy-authorization request header is not stripped during cross-origin redirects CVE-2024-37891 Tenable has extracted the preceding description bloc...
MiracleLinux 7 : python-urllib3-1.10.2-7.0.1.el7.AXS7 (AXSA:2024-9026:07)
The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2024-9026:07 advisory. CVE-2024-37891: strip Proxy-Authorization header on redirects CVEs: CVE-2024-37891 urllib3 is a user-friendly HTTP client library for Python. When using...
TencentOS Server 3: python3.11-urllib3 (TSSA-2024:0797)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0797 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...
TencentOS Server 4: python-urllib3 (TSSA-2024:0551)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0551 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
EUVD-2014-0098
Malware in sbrugna...
EUVD-2009-0615
Malware in sbrugna...
EUVD-2023-0227
Malicious code in bioql PyPI...
Security Bulletin: urllib3 Proxy-Authorization header only applies with ProxyManager, not direct requests
Summary urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with ProxyManager, the Proxy-Authorization header is only sent to the configured proxy, as expected. However, when sending HTTP requests without using urllib3's proxy support, it's possible to...
OESA-2025-2339 python-pip security update
pip is the package installer for Python. You can use pip to install packages from the Python Package Index and other indexes. Name: python-pip Version: 23.3.1 Release: 5 Summary: A...
OESA-2025-2068 restic security update
restic is a backup program. It supports verification, encryption, snapshots and deduplication. Security Fixes: Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information. CVE-2025-4673...
OESA-2025-2067 restic security update
restic is a backup program. It supports verification, encryption, snapshots and deduplication. Security Fixes: Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information. CVE-2025-4673...
CLSA-2025-1755115606 golang: Fix of CVE-2025-4673
CVE-2025-4673: remove Proxy-Authorization and Proxy-Authenticate headers from cross-origin redirects to prevent sensitive information leakage...