THREATOPS
THREAT OPSThreat News › [GHSA] GHSA-48rx-c7pg-q66r (medium) — Excon does not redact additional sensitive/risky headers when following redirects

[GHSA] GHSA-48rx-c7pg-q66r (medium) — Excon does not redact additional sensitive/risky headers when following redirects

medgithub_advisoriesPublished 2026-07-10

GHSA-48rx-c7pg-q66r Severity: medium CVE: CVE-2026-54171

Excon does not redact additional sensitive/risky headers when following redirects

### Impact The redirect follower middleware previously failed to strip a number of headers that are known to be sensitive and did not provide a way to provide a custom list of headers to strip.

_What kind of vulnerability is it? Who is impacted?_ This could

Indicators of compromise

Original source: https://github.com/advisories/GHSA-48rx-c7pg-q66r