First published: Thu Mar 02 2017
kpac/script.cpp in KDE kio before 5.32 and kdelibs before 4.14.30 calls the PAC FindProxyForURL function with a full https URL (potentially including Basic Authentication credentials, a query string, or PATH_INFO), which allows remote attackers to obtain sensitive information via a crafted PAC file.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
KDE kdelibs | <=4.14.29 | |
KDE kio | <=5.31 | |
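
One way a PAC caller can limit what the script sees, shown as an added example that is not KDE's code and not part of the original advisory: the hypothetical helper `sanitizeForPac` drops credentials and the fragment from every URL and, for https, the path and query as well. It assumes absolute URLs whose userinfo is percent-encoded; the sample URLs are constructed.

```cpp
#include <iostream>
#include <string>

// Hypothetical helper (added example, not KDE's code): reduce a URL to what
// may be passed as the first argument of FindProxyForURL(url, host).
// Assumes an absolute URL whose userinfo, if any, is percent-encoded.
std::string sanitizeForPac(const std::string &url)
{
    const std::string::size_type schemeEnd = url.find("://");
    if (schemeEnd == std::string::npos) {
        return std::string();  // not an absolute URL: hand the script nothing
    }
    std::string scheme = url.substr(0, schemeEnd);
    for (char &c : scheme) {   // scheme names are case-insensitive
        if (c >= 'A' && c <= 'Z') c = static_cast<char>(c - 'A' + 'a');
    }

    // The authority ends at the first '/', '?' or '#'.
    const std::string::size_type authStart = schemeEnd + 3;
    std::string::size_type authEnd = url.find_first_of("/?#", authStart);
    if (authEnd == std::string::npos) authEnd = url.size();
    std::string authority = url.substr(authStart, authEnd - authStart);

    // Drop "user:password@" (Basic Authentication credentials).
    const std::string::size_type at = authority.rfind('@');
    if (at != std::string::npos) authority.erase(0, at + 1);

    // The fragment is never sent to the server, so the script does not get it.
    std::string rest = url.substr(authEnd);
    const std::string::size_type hash = rest.find('#');
    if (hash != std::string::npos) rest.erase(hash);

    // For https the path (including PATH_INFO) and query are confidential.
    if (scheme == "https" || rest.empty()) rest = "/";
    return scheme + "://" + authority + rest;
}

int main()
{
    // Constructed sample URLs.
    std::cout << sanitizeForPac("https://alice:s3cret@example.com/reset/tok123?sid=abc") << "\n";
    std::cout << sanitizeForPac("http://bob:pw@example.com:8080/a/b?x=1#frag") << "\n";
    return 0;
}
```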