System.Net.Http in rh-dotnetcore10 and rh-dotnetcore11 is vulnerable to an information disclosure. The library does not clear it’s authentication headers during redirection, allowing a malicious user to use a redirect to gain access to information in the authentication header.