CVE-2018-25091
CVSS v3.1: 6.1 (Medium)
EPSS: 0.08 % (34th)
Affected Products: 1
Advisories: 6
urllib3 before 1.24.2 does not remove the authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the authorization header to be exposed to unintended hosts or transmitted in cleartext. NOTE: this issue exists because of an incomplete fix for CVE-2018-20060 (which was case-sensitive).
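
The difference between a case-sensitive and a case-insensitive header check on a cross-origin redirect, as an added example (not urllib3's code). The function names, URLs, token and the literal "Authorization" comparison are assumptions made for illustration.

```python
from urllib.parse import urljoin, urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}
SENSITIVE = frozenset({"authorization"})  # compared in lower case

def origin(url):
    """(scheme, host, port) triple; a difference in any part is cross-origin."""
    p = urlsplit(url)
    scheme = p.scheme.lower()
    return scheme, (p.hostname or "").lower(), p.port or DEFAULT_PORTS.get(scheme)

def is_cross_origin(src, location):
    # Location may be relative, so resolve it against the request URL first.
    return origin(src) != origin(urljoin(src, location))

def strip_case_sensitive(headers, src, location):
    """Hypothetical model of the incomplete fix: exact-case name match only."""
    if not is_cross_origin(src, location):
        return dict(headers)
    return {k: v for k, v in headers.items() if k != "Authorization"}

def strip_case_insensitive(headers, src, location):
    """Header names are case-insensitive, so compare them lower-cased."""
    if not is_cross_origin(src, location):
        return dict(headers)
    return {k: v for k, v in headers.items() if k.lower() not in SENSITIVE}

if __name__ == "__main__":
    src = "https://api.example.test/v1/items"          # constructed URLs
    hdrs = {"authorization": "Bearer constructed-token", "Accept": "*/*"}
    for loc in ("/v2/items", "https://API.example.test:443/x",
                "http://api.example.test/v1/items",
                "https://api.example.test:8443/", "https://other.example.test/"):
        weak = "authorization" in strip_case_sensitive(hdrs, src, loc)
        fixed = "authorization" in strip_case_insensitive(hdrs, src, loc)
        print(f"{loc:40} cross={is_cross_origin(src, loc)!s:5} "
              f"weak_keeps={weak!s:5} fixed_keeps={fixed}")
```

A caller that sets the header name in lower case keeps its credential across the host, port and scheme changes under the case-sensitive check, while the lower-cased comparison drops it in all three cases and preserves it for same-origin redirects.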
- CVE Status: PUBLISHED
- CNA: MITRE
- Published Date: 2023-10-15 19:15:09 (11 months ago)
- Updated Date: 2023-10-19 14:01:05 (11 months ago)