Tag
A vulnerability in the `Tesla.Middleware.FollowRedirects` component of the `tesla` Elixir HTTP client library allows `Authorization` headers to be leaked during cross-origin redirects due to a case-sensitive comparison, enabling an attacker controlling a redirect destination to receive bearer tokens or other credentials from applications using `tesla` versions 0.6.0 through 1.18.2.