518 matches found

Debian CVE
added 2025/06/11 4:42 p.m. | 8 views

CVE-2025-4673

Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information...

CVSS 6.8 | AI score 6.2 | EPSS 0.00074
Exploits: 0

Mageia
added 2025/06/09 6:14 p.m. | 15 views

Updated golang packages fix security vulnerabilities

Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information. CVE-2025-4673. os: inconsistent handling of O_CREATE|O_EXCL on Unix and Windows. os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and Windows systems when th...

CVSS 7.5 | AI score 6.7 | EPSS 0.00076
Exploits: 0 | References: 2

Tenable Nessus
added 2025/06/09 12:0 a.m. | 5 views

NewStart CGSL MAIN 7.02 : python-urllib3 Vulnerability (NS-SA-2025-0073)

The remote NewStart CGSL host, running version MAIN 7.02, has python-urllib3 packages installed that are affected by a vulnerability: - urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with ProxyManager, the Proxy-Authorization header is only sent to t...

CVSS 6.5 | AI score 6.7 | EPSS 0.00216
Exploits: 1 | References: 3

SUSE CVE
added 2025/06/06 2:25 a.m. | 3 views

SUSE CVE-2025-4673

Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information...

CVSS 6.8 | AI score 7 | EPSS 0.00074
Exploits: 0 | References: 11

Hacker One
added 2025/06/06 1:26 a.m. | 8 views

curl: Failure to strip Proxy-Authorization header on change in origin

Summary: Failure to strip Proxy-Authorization header on change in origin. AI was not used. I maintain the PHP Guzzle HTTP package which uses curl, and noticed we have the same issue as curl in this regard. I was made aware of this issue when golang patched something similar a few hours ago:...

CVSS 6.8 | AI score 8.6 | EPSS 0.00074
Exploits: 0

RedhatCVE
added 2025/05/22 6:28 p.m. | 6 views

CVE-2021-3116

before_upstream_connection in AuthPlugin in http/proxy/auth.py in proxy.py before 2.3.1 accepts incorrect Proxy-Authorization header data because of a boolean confusion (and versus or)...

CVSS 7.5 | AI score 6.8 | EPSS 0.00412
Exploits: 1 | References: 1

Tenable Nessus
added 2025/05/14 12:0 a.m. | 5 views

Alibaba Cloud Linux 3 : 0097: python-requests (ALINUX3-SA-2023:0097)

The remote Alibaba Cloud Linux 3 host has a package installed that is affected by a vulnerability as referenced in the ALINUX3-SA-2023:0097 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2023-32681: Requests is a HTTP library. Since...

CVSS 6.1 | AI score 7.1 | EPSS 0.05933
Exploits: 1 | References: 2

Tenable Nessus
added 2025/05/14 12:0 a.m. | 9 views

Alibaba Cloud Linux 3 : 0179: resource-agents (ALINUX3-SA-2024:0179)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2024:0179 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2024-37891: urllib3 is a user-friendly...

CVSS 8.8 | AI score 7.8 | EPSS 0.09639
Exploits: 1 | References: 3

OSV
added 2025/05/07 7:11 p.m. | 6 views

RLSA-2024:5309 Moderate: python-urllib3 security update

The python-urllib3 package provides the Python HTTP module with connection pooling and file POST abilities. Security Fixes: urllib3: proxy-authorization request header is not stripped during cross-origin redirects CVE-2024-37891 For more details about the security issues, including the impact, a...

CVSS 4.4 | AI score 6.6 | EPSS 0.00216
Exploits: 1 | References: 2

IBM Security Bulletins
added 2025/05/03 7:22 a.m. | 10 views

Security Bulletin: Vulnerability in requests affects IBM Cloud Pak for Data System 1.0(CPDS 1.0)[CVE-2023-32681]

Summary The requests package is used by IBM Cloud Pak for Data System 1.0. IBM Cloud Pak for Data System 1.0 has addressed the applicable CVE CVE-2023-32681. Vulnerability Details CVEID:CVE-2023-32681 DESCRIPTION: Requests is a HTTP library. Since Requests 2.3.0, Requests has been leaking...

CVSS 6.1 | AI score 6.4 | EPSS 0.05933
Exploits: 1 | Affected Software: 1

Snyk
added 2025/04/14 11:40 p.m. | 3 views

Information Exposure

Overview: agpt is an open-source attempt to make GPT-4 autonomous. Affected versions of this package are vulnerable to Information Exposure through the request.py wrapper. An attacker can intercept and misuse sensitive information by exploiting the improper handling of HTTP headers and cookies...

CVSS 9.2 | AI score 6.6 | EPSS 0.00294
Exploits: 1 | References: 2

Rockylinux
added 2025/03/17 8:16 p.m. | 7 views

python3.12-urllib3 security update

An update is available for python3.12-urllib3. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list urllib3 is a powerful, user-friendly HTTP client for Python. urlli...

CVSS 6.5 | AI score 7.2 | EPSS 0.00216
Exploits: 1

IBM Security Bulletins
added 2025/03/12 2:10 p.m. | 23 views

Security Bulletin: Netcool Operations Insights 1.6.14 addresses multiple security vulnerabilities.

Summary Netcool Operations Insight v1.6.14 addresses multiple security vulnerabilities, listed in the CVEs below. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2023-32681 DESCRIPTION: Requests is a HTTP library. Since Requests 2.3.0,...

CVSS 8.2 | AI score 9.7 | EPSS 0.69905
Exploits: 3 | Affected Software: 1

Tenable Nessus
added 2025/03/05 12:0 a.m. | 8 views

Linux Distros Unpatched Vulnerability : CVE-2023-32681

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Requests is a HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS...

CVSS 6.1 | AI score 6.9 | EPSS 0.05933
Exploits: 1 | References: 2

Tenable Nessus
added 2025/03/05 12:0 a.m. | 9 views

Linux Distros Unpatched Vulnerability : CVE-2024-37891

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with ProxyManager, the Proxy-Authorization header is only sent to...

CVSS 6.5 | AI score 6.6 | EPSS 0.00216
Exploits: 1 | References: 3

Tenable Nessus
added 2025/03/04 12:0 a.m. | 7 views

Linux Distros Unpatched Vulnerability : CVE-2013-2503

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Privoxy before 3.0.21 does not properly handle Proxy-Authenticate and Proxy-Authorization headers in the client-server data stream, which makes it easier for...

CVSS 5.8 | AI score 7.2 | EPSS 0.03483
Exploits: 2 | References: 2

AstraLinux
added 2025/02/11 7:35 a.m. | 1 views

Astra Linux - vulnerability in node-undici

Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici cleared Authorization and Proxy-Authorization headers for fetch, but did not clear them for undici.request. This vulnerability was patched in versions 5.28.4 and 6.11.1...

CVSS 4.3 | AI score 7 | EPSS 0.00198
Exploits: 0 | References: 3

Tenable Nessus
added 2025/02/10 12:0 a.m. | 5 views

Azure Linux 3.0 Security Update: python-pip / python-urllib3 / python3 (CVE-2024-37891)

The version of python-pip / python-urllib3 / python3 installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-37891 advisory. - urllib3 is a user-friendly HTTP client library for Python. When using urllib3...

CVSS 6.5 | AI score 6.7 | EPSS 0.00216
Exploits: 1 | References: 2

SUSE Linux
added 2025/02/03 8:53 a.m. | 1 views

Security update for python-urllib3

This update for python-urllib3 fixes the following issues: CVE-2024-37891: Fixed issue where proxy-authorization request header was not stripped during cross-origin redirects bsc1226469 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...

CVSS 4.4 | AI score 7.3 | EPSS 0.00216
Exploits: 1 | References: 4

OSV
added 2025/02/03 8:53 a.m. | 0 views

SUSE-SU-2025:20037-1 Security update for python-urllib3

This update for python-urllib3 fixes the following issues: - CVE-2024-37891: Fixed issue where proxy-authorization request header was not stripped during cross-origin redirects bsc1226469...

CVSS 6.5 | AI score 6.9 | EPSS 0.00216
Exploits: 1 | References: 3