CVE-2024-45336

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2024-45336

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-45336.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-45336

Aliases

Downstream

BELL-CVE-2024-45336

DEBIAN-CVE-2024-45336

ECHO-befe-522f-1557

MINI-2q68-98wq-g6qw

MINI-2w3m-4wx3-6cw7

MINI-62mr-r4xm-ff25

MINI-89xq-274g-r6wj

MINI-8j6x-h8w3-v8gj

MINI-8mpj-x8hm-mcvr

MINI-c6hg-72j8-cw9f

MINI-f678-w2hf-7xgx

MINI-g7jr-fw43-vw55

MINI-gw8h-m4x5-6qm4

MINI-hj7g-56hv-3mmm

MINI-jf22-729g-xwvx

MINI-jhcm-4mpr-vxpw

MINI-mc9f-rhmf-9x7c

MINI-mr33-9827-hx6c

MINI-px4x-r2qf-mvp2

MINI-r859-j56r-24m9

MINI-wcgc-jfhf-w866

OESA-2025-1221

OESA-2025-1222

OESA-2025-1223

OESA-2025-1224

RHSA-2025:3335

RHSA-2025:3593

RHSA-2025:3772

RHSA-2025:3773

RHSA-2025:7326

RHSA-2025:7466

RHSA-2025:7592

RHSA-2025:7624

RHSA-2025:9514

RLSA-2025:3772

RLSA-2025:3773

RLSA-2025:7466

RLSA-2025:7592

SUSE-SU-2025:01731-1

SUSE-SU-2025:0280-1

SUSE-SU-2025:0281-1

SUSE-SU-2025:0285-1

SUSE-SU-2025:0297-1

SUSE-SU-2025:03159-1

SUSE-SU-2025:0429-1

SUSE-SU-2025:1555-1

UBUNTU-CVE-2024-45336

USN-7574-1

openSUSE-SU-2025:14693-1

openSUSE-SU-2025:14694-1

openSUSE-SU-2025:14695-1

openSUSE-SU-2025:14710-1

openSUSE-SU-2025:15030-1

Related

Published

2025-01-28T02:15:28Z

Modified

2026-02-04T04:37:45.898513Z

Summary

[none]

Details

The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to a.com/ containing an Authorization header which is redirected to b.com/ will not send that header to b.com. In the event that the client received a subsequent same-domain redirect, however, the sensitive headers would be restored. For example, a chain of redirects from a.com/, to b.com/1, and finally to b.com/2 would incorrectly send the Authorization header to b.com/2.

References

Affected packages