[USN-6473-1] urllib3 vulnerabilities
- Severity: High
- Affected Packages: 8
- CVEs: 3
Several security issues were fixed in urllib3.

It was discovered that urllib3 didn't strip the HTTP Authorization header
on cross-origin redirects. A remote attacker could possibly use this
issue to obtain sensitive information. This issue only affected
Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2018-25091)

It was discovered that urllib3 didn't strip the HTTP Cookie header on
cross-origin redirects. A remote attacker could possibly use this
issue to obtain sensitive information. (CVE-2023-43804)

It was discovered that urllib3 didn't strip the HTTP body on status code
303 redirects under certain circumstances. A remote attacker could
possibly use this issue to obtain sensitive information. (CVE-2023-45803)
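
The redirect handling that the three fixes enforce can be modelled in a few lines. This is an added example, not urllib3's code and not part of the advisory; the function names, the header sets and the sample request are assumptions made for illustration.

```python
from urllib.parse import urljoin, urlsplit

# Headers that must not follow a request to a different origin
# (Authorization: CVE-2018-25091, Cookie: CVE-2023-43804).
SENSITIVE_HEADERS = {"authorization", "cookie"}
# Headers that only describe a body; dropped together with it (assumed set).
BODY_HEADERS = {"content-length", "content-type", "transfer-encoding"}
DEFAULT_PORTS = {"http": 80, "https": 443}


def origin(url):
    """Return (scheme, host, port) with the scheme's default port filled in."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    return scheme, (parts.hostname or "").lower(), parts.port or DEFAULT_PORTS.get(scheme)


def next_request(method, url, headers, body, status, location):
    """Build the request to send after a redirect response (hypothetical helper)."""
    target = urljoin(url, location)  # Location may be relative
    drop = set()
    if origin(target) != origin(url):
        drop |= SENSITIVE_HEADERS
    if status == 303 and method.upper() != "HEAD":
        # 303 See Other: re-issue as GET without the original body
        # (the case behind CVE-2023-45803).
        method, body = "GET", None
        drop |= BODY_HEADERS
    kept = {k: v for k, v in headers.items() if k.lower() not in drop}
    return method, target, kept, body


# Constructed sample request, not taken from the advisory.
SAMPLE_HEADERS = {
    "Authorization": "Bearer example-token",
    "cookie": "session=example",
    "Content-Type": "application/json",
    "Accept": "*/*",
}

if __name__ == "__main__":
    print(next_request("POST", "https://api.example.test/login", SAMPLE_HEADERS,
                       b'{"pw": "example"}', 303, "https://other.example.test/done"))
```
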
Package | Affected Version |
---|---|
pkg:deb/ubuntu/python3-urllib3?distro=xenial | < 1.13.1-2ubuntu0.16.04.4+esm1 |
pkg:deb/ubuntu/python3-urllib3?distro=mantic | < 1.26.16-1ubuntu0.1 |
pkg:deb/ubuntu/python3-urllib3?distro=lunar | < 1.26.12-1ubuntu0.1 |
pkg:deb/ubuntu/python3-urllib3?distro=jammy | < 1.26.5-1~exp1ubuntu0.1 |
pkg:deb/ubuntu/python3-urllib3?distro=focal | < 1.25.8-2ubuntu0.3 |
pkg:deb/ubuntu/python3-urllib3?distro=bionic | < 1.22-1ubuntu0.18.04.2+esm1 |
pkg:deb/ubuntu/python-urllib3?distro=xenial | < 1.13.1-2ubuntu0.16.04.4+esm1 |
pkg:deb/ubuntu/python-urllib3?distro=bionic | < 1.22-1ubuntu0.18.04.2+esm1 |
- ID: USN-6473-1
- Severity: high
- Severity from: CVE-2023-43804
- URL: https://ubuntu.com/security/notices/USN-6473-1
- Published: 2023-11-07T14:20:04 (10 months ago)
- Modified: 2023-11-07T14:20:04 (10 months ago)
- Other Advisories:
- ALAS2-2024-2387
- ALPINE:CVE-2023-43804
- ALPINE:CVE-2023-45803
- ALSA-2023:7753
- ALSA-2024:0116
- ALSA-2024:0133
- ALSA-2024:0464
- ALSA-2024:2132
- ALSA-2024:2159
- ALSA-2024:2968
- ALSA-2024:2985
- ALSA-2024:2986
- ALSA-2024:2987
- ELSA-2023-7753
- ELSA-2024-0116
- ELSA-2024-0133
- ELSA-2024-0464
- ELSA-2024-2132
- ELSA-2024-2159
- ELSA-2024-2968
- ELSA-2024-2985
- ELSA-2024-2986
- ELSA-2024-2987
- ELSA-2024-2988
- FEDORA-2023-0806784f24
- FEDORA-2023-18f03a150d
- FEDORA-2023-8f53bfe088
- FEDORA-2023-932b0c86f4
- FEDORA-2023-dede912109
- PYSEC-2023-192
- PYSEC-2023-207
- PYSEC-2023-212
- RHSA-2023:7753
- RHSA-2024:0116
- RHSA-2024:0133
- RHSA-2024:0464
- RHSA-2024:2132
- RHSA-2024:2159
- RHSA-2024:2952
- RHSA-2024:2968
- RHSA-2024:2985
- RHSA-2024:2986
- RHSA-2024:2987
- RHSA-2024:2988
- RLSA-2024:2968
- RLSA-2024:2986
- SUSE-SU-2023:4064-1
- SUSE-SU-2023:4108-1
- SUSE-SU-2023:4157-1
- SUSE-SU-2023:4352-1
- SUSE-SU-2023:4356-1
- SUSE-SU-2023:4467-1
- SUSE-SU-2023:4468-1
- SUSE-SU-2024:2462-1
- USN-6473-2
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:deb/ubuntu/python3-urllib3?distro=xenial | ubuntu | python3-urllib3 | < 1.13.1-2ubuntu0.16.04.4+esm1 | xenial | | |
Affected | pkg:deb/ubuntu/python3-urllib3?distro=mantic | ubuntu | python3-urllib3 | < 1.26.16-1ubuntu0.1 | mantic | | |
Affected | pkg:deb/ubuntu/python3-urllib3?distro=lunar | ubuntu | python3-urllib3 | < 1.26.12-1ubuntu0.1 | lunar | | |
Affected | pkg:deb/ubuntu/python3-urllib3?distro=jammy | ubuntu | python3-urllib3 | < 1.26.5-1~exp1ubuntu0.1 | jammy | | |
Affected | pkg:deb/ubuntu/python3-urllib3?distro=focal | ubuntu | python3-urllib3 | < 1.25.8-2ubuntu0.3 | focal | | |
Affected | pkg:deb/ubuntu/python3-urllib3?distro=bionic | ubuntu | python3-urllib3 | < 1.22-1ubuntu0.18.04.2+esm1 | bionic | | |
Affected | pkg:deb/ubuntu/python-urllib3?distro=xenial | ubuntu | python-urllib3 | < 1.13.1-2ubuntu0.16.04.4+esm1 | xenial | | |
Affected | pkg:deb/ubuntu/python-urllib3?distro=bionic | ubuntu | python-urllib3 | < 1.22-1ubuntu0.18.04.2+esm1 | bionic | | |