DirectorySecurity Advisories
Sign In
Security Advisories

CGA-7g4q-75vq-228c

Published

Last updated

https://images.chainguard.dev/security/CGA-7g4q-75vq-228c
Package

configurable-http-proxy

Latest Update
Fixed
Fixed Version

4.6.1-r3

Aliases
  • CVE-2024-28849
  • GHSA-cxjh-pqwp-8mfp

Severity

6.5

Medium

CVSS V3

Summary

follow-redirects' Proxy-Authorization header kept across hosts

Description

When using axios, its dependency follow-redirects only clears authorization header during cross-domain redirect, but allows the proxy-authentication header which contains credentials too.

Steps To Reproduce & PoC

Test code:

const axios = require('axios');

axios.get('http://127.0.0.1:10081/', {
 headers: {
 'AuThorization': 'Rear Test',
 'ProXy-AuthoriZation': 'Rear Test',
 'coOkie': 't=1'
 }
})
 .then((response) => {
 console.log(response);
 })

When I meet the cross-domain redirect, the sensitive headers like authorization and cookie are cleared, but proxy-authentication header is kept.

Impact

This vulnerability may lead to credentials leak.

Recommendations

Remove proxy-authentication header during cross-domain redirect

Recommended Patch

follow-redirects/index.js:464

- removeMatchingHeaders(/^(?:authorization|cookie)$/i, this._options.headers);
+ removeMatchingHeaders(/^(?:authorization|proxy-authorization|cookie)$/i, this._options.headers);

References

Updates


Safe Source for Open Sourceâ„¢
Media KitContact Us
© 2024 Chainguard. All Rights Reserved.
Private PolicyTerms of Use

Product

Chainguard Images