CNNVD-202602-966 Information
CNNVD ID
CNNVD-202602-966
Related CVE
- CNNVD Published: 2026-02-06
Description (Chinese)
client-certificate-auth是Tony Gies个人开发者的一个实现客户端SSL证书认证的中间件。 client-certificate-auth 0.2.1版本和0.3.0版本存在输入验证错误漏洞,该漏洞源于中间件无条件地使用未经验证的主机标头将HTTP请求重定向到HTTPS,可能导致开放重定向。
Description (English)
Clit-certificate-auth is an intermediate to the certification of the client SSL certificate by Tony Gies personal developers. clit-certificate-auth 0.2.1 and 0.3.0 have input authentication error holes, which result from the unconditional use of uncertified host header for intermediates to redirect HTTP requests to HTTPS, which may lead to open redirection.
Hazard Level
High
Vulnerability Type
输入验证错误
Affected Vendor
个人开发者
Published
2026-02-06
Last Modified
2026-02-24
References
https://github.com/tgies/client-certificate-auth/releases/tag/v1.0.0 https://github.com/tgies/client-certificate-auth/security/advisories/GHSA-m4w9-gch5-c2g4
Patch
https://github.com/tgies/client-certificate-auth/releases
Share on: