Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

rocky логотип

RLSA-2024:2986

Опубликовано: 14 июн. 2024
Источник: rocky
Оценка: Moderate

Описание

Moderate: python3.11-urllib3 security update

The python-urllib3 package provides the Python HTTP module with connection pooling and file POST abilities.

Security Fix(es):

  • python-urllib3: Cookie request header isn't stripped during cross-origin redirects (CVE-2023-43804)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Rocky Linux 8.10 Release Notes linked from the References section.

Затронутые продукты

  • Rocky Linux 8

НаименованиеАрхитектураРелизRPM
python3.11-urllib3noarch2.el8python3.11-urllib3-1.26.12-2.el8.noarch.rpm

Показывать по

Связанные CVE

CVE-2023-43804

Ссылки на источники

Исправления

Связанные уязвимости

ubuntu логотип

CVE-2023-43804

CVSS3: 5.9
ubuntu
больше 1 года назад

urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the `Cookie` HTTP header special or provide any helpers for managing cookies over HTTP, that is the responsibility of the user. However, it is possible for a user to specify a `Cookie` header and unknowingly leak information via HTTP redirects to a different origin if that user doesn't disable redirects explicitly. This issue has been patched in urllib3 version 1.26.17 or 2.0.5.

redhat логотип

CVE-2023-43804

CVSS3: 5.9
redhat
больше 1 года назад

urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the `Cookie` HTTP header special or provide any helpers for managing cookies over HTTP, that is the responsibility of the user. However, it is possible for a user to specify a `Cookie` header and unknowingly leak information via HTTP redirects to a different origin if that user doesn't disable redirects explicitly. This issue has been patched in urllib3 version 1.26.17 or 2.0.5.

nvd логотип

CVE-2023-43804

CVSS3: 5.9
nvd
больше 1 года назад

urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the `Cookie` HTTP header special or provide any helpers for managing cookies over HTTP, that is the responsibility of the user. However, it is possible for a user to specify a `Cookie` header and unknowingly leak information via HTTP redirects to a different origin if that user doesn't disable redirects explicitly. This issue has been patched in urllib3 version 1.26.17 or 2.0.5.

msrc логотип

CVE-2023-43804

CVSS3: 8.1
msrc
2 месяца назад

Описание отсутствует

debian логотип

CVE-2023-43804

CVSS3: 5.9
debian
больше 1 года назад

urllib3 is a user-friendly HTTP client library for Python. urllib3 doe ...