[PYSEC-2023-207] urllib3 vulnerability
Severity: Medium
Affected Packages: 49
Fixed Packages: 1
CVEs: 1
urllib3 before 1.24.2 does not remove the authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the authorization header to be exposed to unintended hosts or transmitted in cleartext. NOTE: this issue exists because of an incomplete fix for CVE-2018-20060 (which was case-sensitive).
Package | Fixed Version |
---|---|
pkg:pypi/urllib3 | = 1.24.2 |
- ID: PYSEC-2023-207
- Severity: medium
- Severity from: CVE-2018-25091
- URL: https://github.com/urllib3/urllib3/issues/1510
- Published: 2023-10-15T19:15:00 (11 months ago)
- Modified: 2023-10-19T16:33:01 (11 months ago)
- Other Advisories
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Fixed | pkg:pypi/urllib3 | | urllib3 | = 1.24.2 | | | |
Affected | pkg:pypi/urllib3 | | urllib3 | >= 0.0 < 1.24.2 | | | |
Affected | pkg:pypi/urllib3 | | urllib3 | = 0.2 | | | |
Affected | pkg:pypi/urllib3 | | urllib3 | = 0.3 | | | |
Affected | pkg:pypi/urllib3 | | urllib3 | = 0.3.1 | | | |
Affected | pkg:pypi/urllib3 | | urllib3 | = 0.4.0 | | | |
Affected | pkg:pypi/urllib3 | | urllib3 | = 0.4.1 | | | |
Affected | pkg:pypi/urllib3 | | urllib3 | = 1.0 | | | |
Affected | pkg:pypi/urllib3 | | urllib3 | = 1.0.1 | | | |
Affected | pkg:pypi/urllib3 | | urllib3 | = 1.0.2 | | | |
Affected | pkg:pypi/urllib3 | | urllib3 | = 1.1 | | | |
Affected | pkg:pypi/urllib3 | | urllib3 | = 1.10 | | | |
Affected | pkg:pypi/urllib3 | | urllib3 | = 1.10.1 | | | |
Affected | pkg:pypi/urllib3 | | urllib3 | = 1.10.2 | | | |
Affected | pkg:pypi/urllib3 | | urllib3 | = 1.10.3 | | | |
Affected | pkg:pypi/urllib3 | | urllib3 | = 1.10.4 | | | |
Affected | pkg:pypi/urllib3 | | urllib3 | = 1.11 | | | |
Affected | pkg:pypi/urllib3 | | urllib3 | = 1.12 | | | |
Affected | pkg:pypi/urllib3 | | urllib3 | = 1.13 | | | |
Affected | pkg:pypi/urllib3 | | urllib3 | = 1.13.1 | | | |
Affected | pkg:pypi/urllib3 | | urllib3 | = 1.14 | | | |
Affected | pkg:pypi/urllib3 | | urllib3 | = 1.15 | | | |
Affected | pkg:pypi/urllib3 | | urllib3 | = 1.15.1 | | | |
Affected | pkg:pypi/urllib3 | | urllib3 | = 1.16 | | | |
Affected | pkg:pypi/urllib3 | | urllib3 | = 1.17 | | | |
Affected | pkg:pypi/urllib3 | | urllib3 | = 1.18 | | | |
Affected | pkg:pypi/urllib3 | | urllib3 | = 1.18.1 | | | |
Affected | pkg:pypi/urllib3 | | urllib3 | = 1.19 | | | |
Affected | pkg:pypi/urllib3 | | urllib3 | = 1.19.1 | | | |
Affected | pkg:pypi/urllib3 | | urllib3 | = 1.2 | | | |
Affected | pkg:pypi/urllib3 | | urllib3 | = 1.2.1 | | | |
Affected | pkg:pypi/urllib3 | | urllib3 | = 1.2.2 | | | |
Affected | pkg:pypi/urllib3 | | urllib3 | = 1.20 | | | |
Affected | pkg:pypi/urllib3 | | urllib3 | = 1.21 | | | |
Affected | pkg:pypi/urllib3 | | urllib3 | = 1.21.1 | | | |
Affected | pkg:pypi/urllib3 | | urllib3 | = 1.22 | | | |
Affected | pkg:pypi/urllib3 | | urllib3 | = 1.23 | | | |
Affected | pkg:pypi/urllib3 | | urllib3 | = 1.24 | | | |
Affected | pkg:pypi/urllib3 | | urllib3 | = 1.24.1 | | | |
Affected | pkg:pypi/urllib3 | | urllib3 | = 1.3 | | | |
Affected | pkg:pypi/urllib3 | | urllib3 | = 1.4 | | | |
Affected | pkg:pypi/urllib3 | | urllib3 | = 1.5 | | | |
Affected | pkg:pypi/urllib3 | | urllib3 | = 1.6 | | | |
Affected | pkg:pypi/urllib3 | | urllib3 | = 1.7 | | | |
Affected | pkg:pypi/urllib3 | | urllib3 | = 1.7.1 | | | |
Affected | pkg:pypi/urllib3 | | urllib3 | = 1.8 | | | |
Affected | pkg:pypi/urllib3 | | urllib3 | = 1.8.2 | | | |
Affected | pkg:pypi/urllib3 | | urllib3 | = 1.8.3 | | | |
Affected | pkg:pypi/urllib3 | | urllib3 | = 1.9 | | | |
Affected | pkg:pypi/urllib3 | | urllib3 | = 1.9.1 | | | |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Publication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|