Uploaded image for project: 'Nuxeo Drive '
  1. Nuxeo Drive
  2. NXDRIVE-2956 Update Dependencies for nxdrive v5.5.1
  3. NXDRIVE-2970

Fix security issue: urllib3's Proxy-Authorization request header isn't stripped during cross-origin redirects

    XMLWordPrintable

    Details

    • Type: Sub-task
    • Status: Resolved
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: Packaging / Build, Security
    • Tags:
    • Sprint:
      nxdrive #63, nxdrive #64, nxdrive #65, nxdrive #66, nxdrive #67, nxdrive #68, nxdrive #69
    • Story Points:
      1

      Description

      Fix security issues:

      1. urllib3's Proxy-Authorization request header isn't stripped during cross-origin redirects #31 (https://github.com/nuxeo/nuxeo-drive/security/dependabot/31 )
      2. urllib3's request body not stripped after redirect from 303 status changes request method to GET #20 (https://github.com/nuxeo/nuxeo-drive/security/dependabot/20 )
      3. `Cookie` HTTP header isn't stripped on cross-origin redirects #18 (https://github.com/nuxeo/nuxeo-drive/security/dependabot/18 )

        Attachments

          Activity

            People

            • Assignee:
              pramkrishnadain pramkrishnadain
              Reporter:
              pramkrishnadain pramkrishnadain
              Participants:
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: