Undici already cleared Authorization headers on cross-origin redirects, but did not clear Proxy-Authorization
headers.
This is patched in v5.28.3 and v6.6.1
There are no known workarounds.
{ "nvd_published_at": "2024-02-16T22:15:08Z", "cwe_ids": [ "CWE-200" ], "severity": "LOW", "github_reviewed": true, "github_reviewed_at": "2024-02-16T16:02:52Z" }