Mechanize automatically stores and sends cookies, follows redirects, and can follow links and submit forms. The Authorization header is leaked after a redirect to a different port on the same site. Reference: https://github.com/sparklemotion/mechanize/security/advisories/GHSA-64qm-hrgp-pgr9 https://github.com/sparklemotion/mechanize/commit/c7fe6996a5b95f9880653ba3bc548a8d4ef72317
Created rubygem-mechanize tracking bugs for this issue: Affects: fedora-all [bug 2095711]
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.