Call-Cc: >> Http-Client >> 0.9 Security Vulnerabilities
The "http-client" egg always used a HTTP_PROXY environment variable to determine whether HTTP traffic should be routed via a proxy, even when running as a CGI process. Under several web servers this would mean a user-supplied "Proxy" header could allow an attacker to direct all HTTP requests through a proxy (also known as a "httpoxy" attack). This affects all versions of http-client before 0.10.
CVSS Score
7.5
EPSS Score
0.007
Published
2017-01-10