PT-2026-57352 · Rubygems · Excon

Publicado

2026-07-10

·

Atualizado

2026-07-10

CVSS v3.1

6.5

Média

VetorAV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Impact

The redirect follower middleware previously failed to strip a number of headers that are known to be sensitive and did not provide a way to provide a custom list of headers to strip.
What kind of vulnerability is it? Who is impacted? This could cause inadvertent leakage of sensitive data for users of the RedirectFollower middleware in cases where the initial request includes header information that is not intended for the new target.

Patches

Patch exists and is released in v1.5.0

Workarounds

Users can backport the fix to a custom redirect follower middleware.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

Identificadores relacionados

GHSA-48RX-C7PG-Q66R

Produtos afetados

Excon