Product
The RedirectHandler middleware in multiple Kiota libraries fails to strip sensitive HTTP headers (Cookie, Proxy-Authorization, and custom headers) when following 3xx redirects to a different host or scheme, potentially leading to session hijacking, corporate proxy credential theft, and API key theft.