[PYSEC-2023-207] urllib3 vulnerability
Severity
Medium
Affected Packages
49
Fixed Packages
1
CVEs
1
urllib3 before 1.24.2 does not remove the authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the authorization header to be exposed to unintended hosts or transmitted in cleartext. NOTE: this issue exists because of an incomplete fix for CVE-2018-20060 (which was case-sensitive).
| Package | Fixed Version |
|---|---|
 pkg:pypi/urllib3
|
= 1.24.2 |
- ID
- PYSEC-2023-207
- Severity
- medium
- Severity from
- CVE-2018-25091
- URL
- https://github.com/urllib3/urllib3/issues/1510
- Published
-
2023-10-15T19:15:00
(11 months ago) - Modified
-
2023-10-19T16:33:01
(11 months ago) - Other Advisories
ELSA-2024-2988
RHSA-2024:2988
SUSE-SU-2023:4352-1
USN-6473-1| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Fixed | pkg:pypi/urllib3 |
urllib3
|
= 1.24.2 | ||||
| Affected | pkg:pypi/urllib3 |
urllib3
|
>= 0.0 < 1.24.2 | ||||
| Affected | pkg:pypi/urllib3 |
urllib3
|
= 0.2 | ||||
| Affected | pkg:pypi/urllib3 |
urllib3
|
= 0.3 | ||||
| Affected | pkg:pypi/urllib3 |
urllib3
|
= 0.3.1 | ||||
| Affected | pkg:pypi/urllib3 |
urllib3
|
= 0.4.0 | ||||
| Affected | pkg:pypi/urllib3 |
urllib3
|
= 0.4.1 | ||||
| Affected | pkg:pypi/urllib3 |
urllib3
|
= 1.0 | ||||
| Affected | pkg:pypi/urllib3 |
urllib3
|
= 1.0.1 | ||||
| Affected | pkg:pypi/urllib3 |
urllib3
|
= 1.0.2 | ||||
| Affected | pkg:pypi/urllib3 |
urllib3
|
= 1.1 | ||||
| Affected | pkg:pypi/urllib3 |
urllib3
|
= 1.10 | ||||
| Affected | pkg:pypi/urllib3 |
urllib3
|
= 1.10.1 | ||||
| Affected | pkg:pypi/urllib3 |
urllib3
|
= 1.10.2 | ||||
| Affected | pkg:pypi/urllib3 |
urllib3
|
= 1.10.3 | ||||
| Affected | pkg:pypi/urllib3 |
urllib3
|
= 1.10.4 | ||||
| Affected | pkg:pypi/urllib3 |
urllib3
|
= 1.11 | ||||
| Affected | pkg:pypi/urllib3 |
urllib3
|
= 1.12 | ||||
| Affected | pkg:pypi/urllib3 |
urllib3
|
= 1.13 | ||||
| Affected | pkg:pypi/urllib3 |
urllib3
|
= 1.13.1 | ||||
| Affected | pkg:pypi/urllib3 |
urllib3
|
= 1.14 | ||||
| Affected | pkg:pypi/urllib3 |
urllib3
|
= 1.15 | ||||
| Affected | pkg:pypi/urllib3 |
urllib3
|
= 1.15.1 | ||||
| Affected | pkg:pypi/urllib3 |
urllib3
|
= 1.16 | ||||
| Affected | pkg:pypi/urllib3 |
urllib3
|
= 1.17 | ||||
| Affected | pkg:pypi/urllib3 |
urllib3
|
= 1.18 | ||||
| Affected | pkg:pypi/urllib3 |
urllib3
|
= 1.18.1 | ||||
| Affected | pkg:pypi/urllib3 |
urllib3
|
= 1.19 | ||||
| Affected | pkg:pypi/urllib3 |
urllib3
|
= 1.19.1 | ||||
| Affected | pkg:pypi/urllib3 |
urllib3
|
= 1.2 | ||||
| Affected | pkg:pypi/urllib3 |
urllib3
|
= 1.2.1 | ||||
| Affected | pkg:pypi/urllib3 |
urllib3
|
= 1.2.2 | ||||
| Affected | pkg:pypi/urllib3 |
urllib3
|
= 1.20 | ||||
| Affected | pkg:pypi/urllib3 |
urllib3
|
= 1.21 | ||||
| Affected | pkg:pypi/urllib3 |
urllib3
|
= 1.21.1 | ||||
| Affected | pkg:pypi/urllib3 |
urllib3
|
= 1.22 | ||||
| Affected | pkg:pypi/urllib3 |
urllib3
|
= 1.23 | ||||
| Affected | pkg:pypi/urllib3 |
urllib3
|
= 1.24 | ||||
| Affected | pkg:pypi/urllib3 |
urllib3
|
= 1.24.1 | ||||
| Affected | pkg:pypi/urllib3 |
urllib3
|
= 1.3 | ||||
| Affected | pkg:pypi/urllib3 |
urllib3
|
= 1.4 | ||||
| Affected | pkg:pypi/urllib3 |
urllib3
|
= 1.5 | ||||
| Affected | pkg:pypi/urllib3 |
urllib3
|
= 1.6 | ||||
| Affected | pkg:pypi/urllib3 |
urllib3
|
= 1.7 | ||||
| Affected | pkg:pypi/urllib3 |
urllib3
|
= 1.7.1 | ||||
| Affected | pkg:pypi/urllib3 |
urllib3
|
= 1.8 | ||||
| Affected | pkg:pypi/urllib3 |
urllib3
|
= 1.8.2 | ||||
| Affected | pkg:pypi/urllib3 |
urllib3
|
= 1.8.3 | ||||
| Affected | pkg:pypi/urllib3 |
urllib3
|
= 1.9 | ||||
| Affected | pkg:pypi/urllib3 |
urllib3
|
= 1.9.1 |
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |