An issue was discovered in Qt before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. Qt Network incorrectly parses the strict-transport-security (HSTS) header, allowing unencrypted connections to be established, even when explicitly prohibited by the server. This happens if the case used for this header does not exactly match.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Qt | Qt | * | 5.15.14 (excluding) |
Qt | Qt | 6.0.0 (including) | 6.2.9 (excluding) |
Qt | Qt | 6.3.0 (including) | 6.5.1 (excluding) |