CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

29 Apr 2020 — Actions Http-Client (NPM @actions/http-client) before version 1.0.8 can disclose Authorization headers to an incorrect domain in certain redirect scenarios. This happens when consumers of the http-client: 1. make an HTTP request with an Authorization header, 2. that request leads to a redirect (302), and 3. the redirect URL redirects to another domain or hostname. The Authorization header is then passed to the other domain. The problem is fixed in version 1.0.8. Actions Http-Client... • https://github.com/ossf-cve-benchmark/CVE-2020-11021 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

10 Jan 2017 — The "spiffy-cgi-handlers" egg would convert a nonexistent "Proxy" header to the HTTP_PROXY environment variable, which would allow attackers to direct CGI programs which use this environment variable to use an attacker-specified HTTP proxy server (also known as an "httpoxy" attack). This affects all versions of spiffy-cgi-handlers before 0.5. • http://lists.gnu.org/archive/html/chicken-announce/2016-07/msg00000.html • CWE-19: Data Processing Errors

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

10 Jan 2017 — The "http-client" egg always used the HTTP_PROXY environment variable to determine whether HTTP traffic should be routed via a proxy, even when running as a CGI process. Under several web servers this would mean a user-supplied "Proxy" header could allow an attacker to direct all HTTP requests through a proxy (also known as an "httpoxy" attack). This affects all versions of http-client before 0.10. • http://lists.gnu.org/archive/html/chicken-announce/2016-07/msg00000.html • CWE-19: Data Processing Errors