Severity by source
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3DescriptionCVE.org
Improper Handling of Case Sensitivity vulnerability in elixir-tesla tesla allows credential leakage to a third-party origin on cross-origin redirects.
Tesla.Middleware.FollowRedirects strips security-sensitive headers on cross-origin redirects using a case-sensitive string comparison against a lowercase filter list (@filter_headers ["authorization", "host"]). HTTP header names are case-insensitive per RFC 7230, but Tesla preserves header keys verbatim as supplied by the caller without normalizing case. A header set as {"Authorization", "Bearer …"} (the RFC 7235 canonical casing used by virtually all HTTP libraries and documentation) does not match the lowercase filter entry and is forwarded to the redirect destination. An attacker who can control or influence a Location: response seen by the client (via their own endpoint, a redirect-open upstream, or a compromised origin) receives the bearer token or other Authorization material on the cross-origin request.
This issue affects tesla: from 1.4.0 before 1.18.3.
AnalysisAI
Credential leakage in elixir-tesla (Tesla HTTP client for Elixir) versions 1.4.0 through 1.18.2 allows Authorization and Host headers to be forwarded to attacker-controlled origins during cross-origin HTTP redirects. The Tesla.Middleware.FollowRedirects component compares header names case-sensitively against a lowercase filter list, so headers using the RFC 7235 canonical casing (e.g., 'Authorization') bypass stripping and reach the redirect target. No public exploit identified at time of analysis, but the upstream fix is committed and a patched release (1.18.3) is available.
Technical ContextAI
Tesla is a widely used HTTP client library for the Elixir/Erlang ecosystem, typically embedded in service clients, SDKs, and webhook integrations. The vulnerability sits in lib/tesla/middleware/follow_redirects.ex, where filter_headers/3 used k not in @filter_headers with @filter_headers hardcoded to the lowercase strings 'authorization' and 'host'. Because Tesla preserves caller-supplied header keys verbatim and HTTP header names are case-insensitive per RFC 7230/9110, any header set with non-lowercase casing - including the canonical 'Authorization' form emitted by nearly every HTTP library, documentation example, and SDK - fails the comparison and survives the redirect. This is a textbook CWE-178 (Improper Handling of Case Sensitivity) issue: a security-critical comparison performed on text whose semantics are case-insensitive. The remediation commit (db963db) replaces the membership check with String.downcase(key) in drop and additionally expands the stripped set to cover hop-by-hop headers, Cookie, Proxy-Authorization, Referer, Origin, and request-body metadata on 303 method changes, aligning with RFC 9110 §15.4.
RemediationAI
Vendor-released patch: upgrade tesla to 1.18.3 or later (fix commit db963dba67651b9abd1fc420a1d9679cf6efe182, advisory GHSA-9m9w-gxf7-rh8m). Update mix.exs to {:tesla, "~> 1.18.3"} and run mix deps.update tesla. If an immediate upgrade is not possible, the most effective workaround is to remove Tesla.Middleware.FollowRedirects from the middleware stack and handle redirects manually with explicit per-hop header control - the trade-off is that any client relying on automatic redirect following will break and must be refactored. As a less invasive interim mitigation, normalize all sensitive header keys to lowercase at the call site (e.g., {"authorization", "Bearer …"} instead of {"Authorization", …}), which matches the legacy filter list; the trade-off is that this only covers Authorization and Host (not Cookie, Proxy-Authorization, Referer, Origin, which the patched version also strips) and is easy to regress when new call sites are added. Restricting outbound HTTP to an allowlist of known hosts at the egress proxy layer also limits where leaked credentials can be sent, at the cost of operational overhead for legitimate third-party integrations.
The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in Citrix XenServer 6.0.2 and earlier and
An authenticated path traversal vulnerability in Langflow's file upload functionality allows attackers to write arbitrar
Canonical snapd before version 2.37.1 incorrectly performed socket owner validation, allowing an attacker to run arbitra
An authorization bypass vulnerability in gRPC-Go allows attackers to circumvent path-based access control by sending HTT
Arbitrary file read in Langroid's SQLChatAgent (<= 0.63.0) lets an attacker who can influence the LLM-generated SQL exfi
An issue was discovered in the jsrsasign package through 8.0.18 for Node.js. Rated high severity (CVSS 7.5), this vulner
The Elliptic package 6.5.2 for Node.js allows ECDSA signature malleability via variations in encoding, leading '\0' byte
Resource exhaustion in OpenTelemetry Go propagation library (v1.41.0 and earlier) enables remote attackers to trigger se
A vulnerability in the seccomp filters of Canonical snapd before version 2.37.4 allows a strict mode snap to insert char
The Linux kernel before 3.15.4 on Intel processors does not properly restrict use of a non-canonical value for the saved
concrete5 8.1.0 places incorrect trust in the HTTP Host header during caching, if the administrator did not define a "ca
Timestamp forgery in sigstore-js allows an attacker supplying a crafted bundle v0.2 to manipulate certificate validity w
Same weakness CWE-178 – Improper Handling of Case Sensitivity
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-34014
GHSA-9m9w-gxf7-rh8m