Lucene search
Veracode Vulnerability DatabaseVERACODE:35927HistoryJun 10, 2022 - 5:21 a.m.
Information Disclosure Via Header Leak
2022-06-1005:21:43
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
17
mechanize vulnerability
information disclosure
header leak
software issue
EPSS
0.001
Percentile
41.2%
mechanize is vulnerable to information disclosure. Remote unauthenticated attackers are able to gain access to the authorization header by redirecting a victim to a different port on the same site.
References
github.com/sparklemotion/mechanize/commit/c7fe6996a5b95f9880653ba3bc548a8d4ef72317
github.com/sparklemotion/mechanize/pull/600
github.com/sparklemotion/mechanize/security/advisories/GHSA-64qm-hrgp-pgr9
lists.fedoraproject.org/archives/list/[email protected]/message/7OKZMR5O3T5HQ2V737TC7IU4WZRT2LGX/
lists.fedoraproject.org/archives/list/[email protected]/message/OA2FJROTX2U6EBWDPKRQ2VAM67A5TQXF/
Related
nvd
nvd
CVE-2022-31033
2022-06-09 20:15:08
fedora
fedora
[SECURITY] Fedora 35 Update: rubygem-mechanize-2.8.5-1.fc35
2022-06-19 00:51:11
[SECURITY] Fedora 36 Update: rubygem-mechanize-2.8.5-1.fc36
2022-06-19 00:38:33
cvelist
cvelist
CVE-2022-31033 Authorization header leak in rubygem Mechanize
2022-06-09 20:00:16
openvas
openvas
Fedora: Security Advisory for rubygem-mechanize (FEDORA-2022-fda14723ec)
2022-06-19 00:00:00
Fedora: Security Advisory for rubygem-mechanize (FEDORA-2022-6b1b324753)
2022-06-19 00:00:00
debiancve
debiancve
CVE-2022-31033
2022-06-09 20:15:08
osv
osv
CVE-2022-31033
2022-06-09 20:15:08
prion
prion
Authorization
2022-06-09 20:15:00
cve
cve
CVE-2022-31033
2022-06-09 20:15:08
ubuntucve
ubuntucve
CVE-2022-31033
2022-06-09 00:00:00
rubygems
rubygems
Authorization header leak on port redirect in mechanize
2022-06-08 21:00:00
github
github