System.Net.Http is vulnerable to an information disclosure. The library does not clear it’s authentication headers during redirection, allowing a malicious user to use a redirect to gain access to information in the authentication header.
CPE | Name | Operator | Version |
---|---|---|---|
system.net.http | le | 4.3.3 | |
system.net.http | le | 4.1.3 | |
system.net.http | le | 2.0.20710 | |
system.net.http.winhttphandler | le | 4.3.3 |