CVE-2026-8368

A flaw was found in LWP::UserAgent, a component of perl-libwww-perl. This vulnerability allows a remote attacker to obtain a user's credentials by redirecting a request to an attacker-controlled host. When processing a redirect, the LWP::UserAgent fails to properly strip Authorization and...

LWP::UserAgent versions before 6.83 for Perl leak Authorization and Proxy-Authorization headers on cross-origin redirects

...

SUSE CVE-2026-8368

LWP::UserAgent versions before 6.83 for Perl leak Authorization and Proxy-Authorization headers on cross-origin redirects. On a 3xx response, the redirect handler strips only Host and Cookie before issuing the follow-up request. Caller-supplied Authorization and Proxy-Authorization headers are se...

CVE-2026-8368

LWP::UserAgent versions before 6.83 for Perl leak Authorization and Proxy-Authorization headers on cross-origin redirects. On a 3xx response, the redirect handler strips only Host and Cookie before issuing the follow-up request. Caller-supplied Authorization and Proxy-Authorization headers are se...

CVE-2026-8368 LWP::UserAgent versions before 6.83 for Perl leak Authorization and Proxy-Authorization headers on cross-origin redirects

LWP::UserAgent versions before 6.83 for Perl leak Authorization and Proxy-Authorization headers on cross-origin redirects. On a 3xx response, the redirect handler strips only Host and Cookie before issuing the follow-up request. Caller-supplied Authorization and Proxy-Authorization headers are se...

CVE-2022-23496

Yet Another UserAgent Analyzer Yauaa is a java library that tries to parse and analyze the useragent string and extract as many relevant attributes as possible. Applications using the Client Hints analysis feature introduced with 7.0.0 can crash because the Yauaa library throws an...

EUVD-2018-0302

Malware in sbrugna...

EUVD-2004-0779

Malware in sbrugna...

EUVD-2023-33974

Malicious code in bioql PyPI...

Malicious code in yandex-useragent (npm)

The package yandex-useragent was found to contain malicious code...

CVE-2023-2490

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Fernando Briano UserAgent-Spy plugin = 1.3.1 versions...

SUSE CVE-2020-26311

Useragent is a user agent parser for Node.js. All versions as of time of publication contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service ReDoS. As of time of publication, no patches are available...

3dtoolkit-signal (>=1.1.0 <=2.1.0), 6to5 (>=3.0.16 <=3.6.5) +3745 more potentially affected by CVE-2020-26311 via useragent (>=0.1.2 <=2.3.0)

useragent NPM version =0.1.2, =1.1.0, =3.0.16, =0.0.1, =3.0.16, =0.0.1, =4.0.0, =0.0.15, =8.25.29, =0.2.0-alpha.1, =3.0.1, =1.0.54, =4.0.0, =5.0.13 - @adora-wallet/adoracore-build =8.25.10 and more Source cves: CVE-2020-26311 Source advisory: OSV:GHSA-MGFV-M47X-4WQP...

GHSA-MGFV-M47X-4WQP useragent Regular Expression Denial of Service vulnerability

Useragent is a user agent parser for Node.js. All versions as of time of publication contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service ReDoS. PoC js async function exploit const useragent = require"useragent"; // Create a malicious user-agent that...

CVE-2020-26311

Useragent is a user agent parser for Node.js. All versions as of time of publication contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service ReDoS. As of time of publication, no patches are available...

CVE-2020-26311

Useragent is a user agent parser for Node.js. All versions as of time of publication contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service ReDoS. As of time of publication, no patches are available...

CVE-2020-26311

The CVE-2020-26311 entry concerns the Node.js Useragent parser. The connected sources confirm a Regular Expression Denial of Service (ReDoS) vulnerability caused by one or more part-regular expressions within the useragent package, affecting all versions at the time of publication. The impact is ...

CVE-2020-26311 GHSL-2020-312: Regular Expression Denial of Service (ReDoS) in useragent

Useragent is a user agent parser for Node.js. All versions as of time of publication contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service ReDoS. As of time of publication, no patches are available...

CVE-2020-26311 GHSL-2020-312: Regular Expression Denial of Service (ReDoS) in useragent

Useragent is a user agent parser for Node.js. All versions as of time of publication contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service ReDoS. As of time of publication, no patches are available...

PT-2024-10801 · Useragent · Useragent

Name of the Vulnerable Software and Affected Versions: Useragent versions prior to a fixed version no fixed version specified Description: The issue concerns a Regular Expression Denial of Service ReDoS vulnerability in the Useragent user agent parser for Node.js. This vulnerability affects all...