Lynx through 2.8.9 mishandles the userinfo subcomponent of a URI, which allows remote attackers to discover cleartext credentials because they may appear in SNI data. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Information Disclosure
Lynx
Debian Linux
Fedora
NVD
GitHub
CVSS 3.1
5.3
EPSS
4.5%