Sensitive Data Exposure in Excon HTTP Library for Ruby
CVE-2026-54171
6.5MEDIUM
What is CVE-2026-54171?
The Excon HTTP library for Ruby includes a vulnerability within its RedirectFollower middleware prior to version 1.5.0. This flaw may lead to unintended exposure of sensitive data during redirect operations. Specifically, the middleware improperly handles additional sensitive headers, failing to strip them when following redirects. As a result, any header information from the original request that is not meant for the new target could inadvertently leak, potentially compromising sensitive data. Users are advised to update to version 1.5.0 or later to mitigate this risk.
Affected Version(s)
excon < 1.5.0
