2 matches found
CVE-2026-40895 follow-redirects: Custom Authentication Headers Leaked to Cross-Domain Redirect Targets
follow-redirects is an open source, drop-in replacement for Node's http and https modules that automatically follows redirects. Prior to 1.16.0, when an HTTP request follows a cross-domain redirect 301/302/307/308, follow-redirects only strips authorization, proxy-authorization, and cookie header...
CVE-2022-2037
Excessive Attack Surface in GitHub repository tooljet/tooljet prior to v1.16.0...