Lucene search
Veracode Vulnerability DatabaseVERACODE:45510HistoryFeb 19, 2024 - 5:12 a.m.
Proxy-Authentication Header Leakage
2024-02-1905:12:23
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
10
undici
vulnerability
proxy-authentication
headers
leakage
cross-origin
redirects
attackers
unauthorized access
sensitive data
exposure
Undici is vulnerable to Proxy-Authentication header leakage. The vulnerability is due to not clearing Proxy-Authentication headers on cross-origin redirects. Attackers could potentially exploit this vulnerability to gain unauthorized access or obtain sensitive data transmitted via these headers, leading exposure of sensitive information.
References
www.openwall.com/lists/oss-security/2024/03/11/1
github.com/nodejs/undici/commit/b9da3e40f1f096a06b4caedbb27c2568730434ef
github.com/nodejs/undici/commit/d3aa574b1259c1d8d329a0f0f495ee82882b1458
github.com/nodejs/undici/releases/tag/v5.28.3
github.com/nodejs/undici/releases/tag/v6.6.1
github.com/nodejs/undici/security/advisories/GHSA-3787-6prv-h9w3
security.netapp.com/advisory/ntap-20240419-0007/
Related
osv
osv
CVE-2024-24758
2024-02-16 22:15:08
hackerone
hackerone
cve
cve
CVE-2024-24758
2024-02-16 22:15:08
github
github
cvelist
cvelist
ibm
ibm
ubuntucve
ubuntucve
CVE-2024-24758
2024-02-16 00:00:00
debiancve
debiancve
CVE-2024-24758
2024-02-16 22:15:08
prion
prion
Authorization
2024-02-16 22:15:00
redhatcve
redhatcve
CVE-2024-24758
2024-02-18 12:19:29
nessus
nessus
SUSE SLES12 Security Update : nodejs16 (SUSE-SU-2024:0731-1)
2024-03-01 00:00:00
SUSE SLES15 Security Update : nodejs16 (SUSE-SU-2024:0729-1)
2024-03-06 00:00:00
openvas
openvas
openSUSE: Security Advisory for nodejs16 (SUSE-SU-2024:0729-1)
2024-03-08 00:00:00
SUSE: Security Advisory (SUSE-SU-2024:0729-1)
2024-03-04 00:00:00
SUSE: Security Advisory (SUSE-SU-2024:0728-1)
2024-03-04 00:00:00