Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The "http-client" egg always used a HTTP_PROXY environment variable to determine whether HTTP traffic should be routed via a proxy, even when running as a CGI process. Under several web servers this would mean a user-supplied "Proxy" header could allow an attacker to direct all HTTP requests through a proxy (also known as a "httpoxy" attack). This affects all versions of http-client before 0.10.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
http-client 安全漏洞
Vulnerability Description
http-client是一个HTTP客户端库。 http-client 0.10之前的版本中存在安全漏洞。攻击者可利用该漏洞通过代理直接发送HTTP请求。
CVSS Information
N/A
Vulnerability Type
N/A