Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
cpp-httplib Client Leaks Authentication Credentials to Untrusted Hosts on Cross-Origin HTTP Redirect
Vulnerability Description
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.39.0, the cpp-httplib HTTP client forwards stored Basic Auth, Bearer Token, and Digest Auth credentials to arbitrary hosts when following cross-origin HTTP redirects (301/302/307/308). A malicious or compromised server can redirect the client to an attacker-controlled host, which then receives the plaintext credentials in the `Authorization` header. Version 0.39.0 fixes the issue.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Vulnerability Type
信息暴露
Vulnerability Title
cpp-httplib 信息泄露漏洞
Vulnerability Description
cpp-httplib是yhirose个人开发者的一款使用C++语言编写的HTTP/HTTPS服务器和客户端库。 cpp-httplib 0.39.0之前版本存在信息泄露漏洞,该漏洞源于HTTP客户端在遵循跨域HTTP重定向时转发存储的凭据,可能导致明文凭据泄露。
CVSS Information
N/A
Vulnerability Type
N/A