exploitDog
CVE-2018-25091

Published: 15 Oct 2023
Source: debian
EPSS: Low

Description

urllib3 before 1.24.2 does not remove the authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the authorization header to be exposed to unintended hosts or transmitted in cleartext. NOTE: this issue exists because of an incomplete fix for CVE-2018-20060 (which was case-sensitive).

Packages

Package        | Status | Fixed version | Release | Type
python-urllib3 | fixed  | 1.25.6-4      |         | package

Notes

  • https://github.com/urllib3/urllib3/issues/1510

  • This issue exists because of an incomplete fix for CVE-2018-20060 (which was case-sensitive).

  • Fixed by https://github.com/urllib3/urllib3/commit/adb358f8e06865406d1f05e581a16cbea2136fbc (1.25)
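The description and the note above say the first fix for CVE-2018-20060 matched the header name case-sensitively, so a request that spelled the header `authorization` (legal, since HTTP header names are case-insensitive) still had it forwarded when the redirect target differed in host, port or scheme. The following is an added illustration written for this page, not urllib3's own code: it models the incomplete (case-sensitive) check beside the corrected (case-insensitive) one, using the CVE's definition of cross-origin, and audits both against a few constructed redirect scenarios. The function names, the `SCENARIOS` table and the hostnames in it are assumptions made for the example.

```python
"""Model of Authorization-header handling across redirects (added example,
not urllib3 code). Shows why an exact-match header check was incomplete."""
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def origin(url):
    """Return (scheme, host, port), filling in the scheme's default port."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    port = parts.port if parts.port is not None else DEFAULT_PORTS.get(scheme)
    return (scheme, host, port)


def is_cross_origin(request_url, redirect_url):
    """Cross-origin in the CVE's sense: scheme, host or port differs."""
    return origin(request_url) != origin(redirect_url)


def redirect_headers_case_sensitive(headers, request_url, redirect_url,
                                    remove=("Authorization",)):
    """Incomplete variant: exact-match removal, like a plain dict pop.

    A header sent as 'authorization' is not matched and is forwarded
    to the new origin, which is the behaviour CVE-2018-25091 describes.
    """
    if not is_cross_origin(request_url, redirect_url):
        return dict(headers)
    forwarded = dict(headers)
    for name in remove:
        forwarded.pop(name, None)
    return forwarded


def redirect_headers_case_insensitive(headers, request_url, redirect_url,
                                      remove=("Authorization",)):
    """Corrected variant: compare header names case-insensitively."""
    if not is_cross_origin(request_url, redirect_url):
        return dict(headers)
    blocked = {name.lower() for name in remove}
    return {k: v for k, v in headers.items() if k.lower() not in blocked}


def leaks_credentials(policy, headers, request_url, redirect_url):
    """True if a credential header would reach a different origin under policy."""
    if not is_cross_origin(request_url, redirect_url):
        return False
    forwarded = policy(headers, request_url, redirect_url)
    return any(k.lower() == "authorization" for k in forwarded)


# Constructed scenarios; the hostnames are placeholders, not real services.
SCENARIOS = {
    "other host":     ("https://api.example/v1", "https://evil.example/collect"),
    "http downgrade": ("https://api.example/v1", "http://api.example/v1"),
    "other port":     ("https://api.example/v1", "https://api.example:8443/v1"),
    "same origin":    ("https://api.example/v1", "https://api.example:443/v2"),
}


def audit(policy, header_name="authorization"):
    """Map scenario name -> whether `policy` leaks the credential there."""
    headers = {header_name: "Bearer s3cr3t", "Accept": "application/json"}
    return {name: leaks_credentials(policy, headers, src, dst)
            for name, (src, dst) in SCENARIOS.items()}


if __name__ == "__main__":
    for label, policy in (("case-sensitive  ", redirect_headers_case_sensitive),
                          ("case-insensitive", redirect_headers_case_insensitive)):
        print(label, audit(policy))
```

Running the script shows the case-sensitive policy leaking the lowercase `authorization` header in every cross-origin scenario, including the https-to-http downgrade where the token would travel in cleartext, while the case-insensitive policy drops it in all three and both keep it on the same-origin redirect. Spelling the header `Authorization` makes the case-sensitive policy pass too, which is exactly why the first fix looked complete in ordinary tests. In practice the check is simpler than the model: confirm the installed urllib3 is at or above the fixed version (1.25.6-4 for the Debian package in the table above) and, if your code customises redirect handling through `urllib3.util.retry.Retry(remove_headers_on_redirect=...)`, consult the docs of that version for how header names are matched.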

EPSS

Percentile: 48%
Score: 0.0025
Severity: Low

Related vulnerabilities

CVSS3: 6.1
ubuntu
more than 1 year ago

Same description as the Description section above.

CVSS3: 6.1
redhat
more than 1 year ago

Same description as the Description section above.

CVSS3: 6.1
nvd
more than 1 year ago

Same description as the Description section above.

CVSS3: 6.1
github
more than 1 year ago

Authorization Header forwarded on redirect

CVSS3: 6.1
fstec
more than 6 years ago

Vulnerability in the urllib3 HTTP library for Python, related to the use of open redirection, which allows an attacker to gain access to confidential data and compromise its integrity
