A significant unpatched vulnerability in the HTTP/HTTPS proxy tool exposes more than 50,000 Tinyproxy service hosts on the internet. Tracked as CVE-2023-49606, the vulnerability has a critical severity rating with a CVSS score of 9.8. This is a use-after-free vulnerability in the HTTP Connection Headers parsing in Tinyproxy. A specially crafted HTTP header can trigger the … Continue reading “Tinyproxy HTTP Connection Headers Use After Free Vulnerability (CVE-2023-49606)”