THREAT OPS › Threat News › [GHSA] GHSA-48rx-c7pg-q66r (medium) — Excon does not redact additional sensitive/risky headers when following redirects
[GHSA] GHSA-48rx-c7pg-q66r (medium) — Excon does not redact additional sensitive/risky headers when following redirects
GHSA-48rx-c7pg-q66r Severity: medium CVE: CVE-2026-54171
Excon does not redact additional sensitive/risky headers when following redirects
### Impact The redirect follower middleware previously failed to strip a number of headers that are known to be sensitive and did not provide a way to provide a custom list of headers to strip.
_What kind of vulnerability is it? Who is impacted?_ This could
Indicators of compromise
- ea89a35308a12f4b791b6c50f2cbd33f94889fa3sha1
- CVE-2026-54171cve
Original source: https://github.com/advisories/GHSA-48rx-c7pg-q66r