AZL-61498

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-61498.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-61498

Upstream

CVE-2025-46421

Published

2025-04-24T13:15:45Z

Modified

2026-04-01T05:19:42.155890Z

Summary

CVE-2025-46421 affecting package libsoup for versions less than 3.0.4-6

Details

A flaw was found in libsoup. When libsoup clients encounter an HTTP redirect, they mistakenly send the HTTP Authorization header to the new host that the redirection points to. This allows the new host to impersonate the user to the original host that issued the redirect.

References

https://nvd.nist.gov/vuln/detail/CVE-2025-46421

Affected packages

Azure Linux:2 / libsoup

Package

Name: libsoup
Purl: pkg:rpm/azure-linux/libsoup

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.0.4-6

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-61498.json"