CVE-2018-25091

CVSS v3.1 6.1 (Medium)
EPSS 0.08 % (34th)
Affected Products 1
Advisories 6

urllib3 before 1.24.2 does not remove the Authorization HTTP header when following a cross-origin redirect (i.e., a redirect whose target differs in host, port, or scheme). This can allow credentials in the Authorization header to be exposed to unintended hosts or transmitted in cleartext. NOTE: this issue exists because of an incomplete fix for CVE-2018-20060, which removed the header only when its name matched case-sensitively, whereas HTTP header names are case-insensitive.
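The following is an added illustration of the defect class, not urllib3's own code: a case-sensitive header removal that misses a lowercase "authorization" header on a cross-origin redirect, beside the corrected case-insensitive version. URLs and the token value are constructed samples.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def origin(url):
    """Return (scheme, host, port) for a URL, filling in the default port."""
    parts = urlsplit(url)
    scheme = (parts.scheme or "").lower()
    host = (parts.hostname or "").lower()
    port = parts.port if parts.port is not None else DEFAULT_PORTS.get(scheme)
    return scheme, host, port


def is_cross_origin(original_url, redirect_url):
    """A redirect is cross-origin when scheme, host or port differ."""
    return origin(original_url) != origin(redirect_url)


def strip_auth_case_sensitive(headers, original_url, redirect_url):
    """Flawed variant: drops the header only when spelled exactly 'Authorization'.
    A request that sent 'authorization' keeps its credential on a cross-origin hop."""
    headers = dict(headers)
    if is_cross_origin(original_url, redirect_url):
        headers.pop("Authorization", None)
    return headers


def strip_auth_case_insensitive(headers, original_url, redirect_url):
    """Hardened variant: compare header names lowercased, as HTTP requires."""
    if not is_cross_origin(original_url, redirect_url):
        return dict(headers)
    return {k: v for k, v in headers.items() if k.lower() != "authorization"}


if __name__ == "__main__":
    # Constructed sample: lowercase header name, redirect to another host over plain HTTP.
    hdrs = {"authorization": "Bearer constructed-token", "Accept": "*/*"}
    src = "https://api.example.com/v1/data"
    dst = "http://mirror.example.net/v1/data"
    print("flawed   :", strip_auth_case_sensitive(hdrs, src, dst))
    print("hardened :", strip_auth_case_insensitive(hdrs, src, dst))
```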

Weaknesses
CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
Related CVEs
CVE Status
PUBLISHED
CNA
MITRE
Published Date
2023-10-15 19:15:09
Updated Date
2023-10-19 14:01:05

Affected Products


Configuration #1

Product                                 CPE23                       From   Up To
Python urllib3 prior to version 1.24.2  cpe:2.3:a:python:urllib3    -      < 1.24.2