Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
veracodeVeracode Vulnerability DatabaseVERACODE:36176
HistoryJun 28, 2022 - 3:49 a.m.

Information Disclosure

2022-06-2803:49:38
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
19
guzzlehttp/guzzle
vulnerability
information disclosure
redirectmiddleware.php
curlopt_httpauth
authorization header
malicious urls
security

EPSS

0.002

Percentile

61.2%

JSON

guzzlehttp/guzzle is vulnerable to information disclosure. The vulnerability exists because the checkRedirect function of RedirectMiddleware.php does not properly clear the CURLOPT_HTTPAUTH option on a change of origin, allowing an attacker to get sensitive information through the Authorization header by redirecting to the malicious urls.

Related

prion 1
cvelist 1
debiancve 1
nvd 1
ubuntucve 1
osv 3
cve 1
friendsofphp 1
github 1
openvas 2
mageia 1
debian 1
nessus 2
gentoo 1
prion
prion
Design/Logic Flaw
2022-06-27 22:15:00
cvelist
cvelist
CVE-2022-31090 CURLOPT_HTTPAUTH option not cleared on change of origin in Guzzle
2022-06-27 00:00:00
debiancve
debiancve
CVE-2022-31090
2022-06-27 22:15:08
nvd
nvd
CVE-2022-31090
2022-06-27 22:15:08
ubuntucve
ubuntucve
CVE-2022-31090
2022-06-27 00:00:00
osv
osv
CVE-2022-31090
2022-06-27 22:15:08
CURLOPT_HTTPAUTH option not cleared on change of origin
2022-06-21 16:57:10
mediawiki - security update
2022-10-04 00:00:00
cve
cve
CVE-2022-31090
2022-06-27 22:15:08
friendsofphp
friendsofphp
CURLOPT_HTTPAUTH option not cleared on change of origin
2022-06-20 22:24:00
github
github
CURLOPT_HTTPAUTH option not cleared on change of origin
2022-06-21 16:57:10
openvas
openvas
Mageia: Security Advisory (MGASA-2022-0338)
2022-09-19 00:00:00
Debian: Security Advisory (DSA-5246-1)
2022-10-05 00:00:00
mageia
mageia
Updated mediawiki packages fix security vulnerability
2022-09-16 22:39:55
debian
debian
[SECURITY] [DSA 5246-1] mediawiki security update
2022-10-04 18:53:33
nessus
nessus
Debian DSA-5246-1 : mediawiki - security update
2022-10-05 00:00:00
GLSA-202305-24 : MediaWiki: Multiple Vulnerabilities
2023-05-21 00:00:00
gentoo
gentoo
MediaWiki: Multiple Vulnerabilities
2023-05-21 00:00:00

EPSS

0.002

Percentile

61.2%

JSON
Related for VERACODE:36176
prion1cvelist1debiancve1nvd1ubuntucve1osv3cve1friendsofphp1github1openvas2mageia1debian1nessus2gentoo1