HIGH
HAARG
CVE published 2026-07-07
CVE-2026-7017
HTTP::Tiny versions before 0.095 for Perl contain a vulnerability that forwards credential headers to cross-origin redirect targets. When a server returns a 3xx redirect, the `_maybe_redirect` function follows the `Location:` header and `_prepare_headers_and_cb` re-merges the caller's `headers` argument into the new request without checking whether the redirect target shares an origin with the original UR [truncated]