Count: 58

ID | Description | CVSS | EPSS | Published |
---|---|---|---|---|
RLSA-2024:6309 | Moderate: fence-agents security update | | | about 1 month ago |
ELSA-2024-6311 | ELSA-2024-6311: resource-agents security update (MODERATE) | | | 10 months ago |
ELSA-2024-6309 | ELSA-2024-6309: fence-agents security update (MODERATE) | | | 10 months ago |
CVE-2024-37891 | urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with `ProxyManager`, the `Proxy-Authorization` header is only sent to the configured proxy, as expected. However, when sending HTTP requests *without* using urllib3's proxy support, it's possible to accidentally configure the `Proxy-Authorization` header even though it won't have any effect as the request is not using a forwarding proxy or a tunneling proxy. In those cases, urllib3 doesn't treat the `Proxy-Authorization` HTTP header as one carrying authentication material and thus doesn't strip the header on cross-origin redirects. Because this is a highly unlikely scenario, we believe the severity of this vulnerability is low for almost all users. Out of an abundance of caution urllib3 will automatically strip the `Proxy-Authorization` header during cross-origin redirects to avoid the small chance that users are doing this on accident. Users should use urllib3's proxy support or disable au... | CVSS3: 4.4 | 0% Low | about 1 year ago |
CVE-2024-37891 | urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with `ProxyManager`, the `Proxy-Authorization` header is only sent to the configured proxy, as expected. However, when sending HTTP requests *without* using urllib3's proxy support, it's possible to accidentally configure the `Proxy-Authorization` header even though it won't have any effect as the request is not using a forwarding proxy or a tunneling proxy. In those cases, urllib3 doesn't treat the `Proxy-Authorization` HTTP header as one carrying authentication material and thus doesn't strip the header on cross-origin redirects. Because this is a highly unlikely scenario, we believe the severity of this vulnerability is low for almost all users. Out of an abundance of caution urllib3 will automatically strip the `Proxy-Authorization` header during cross-origin redirects to avoid the small chance that users are doing this on accident. Users should use urllib3's proxy support or disable au... | CVSS3: 4.4 | 0% Low | about 1 year ago |
CVE-2024-37891 | urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with `ProxyManager`, the `Proxy-Authorization` header is only sent to the configured proxy, as expected. However, when sending HTTP requests *without* using urllib3's proxy support, it's possible to accidentally configure the `Proxy-Authorization` header even though it won't have any effect as the request is not using a forwarding proxy or a tunneling proxy. In those cases, urllib3 doesn't treat the `Proxy-Authorization` HTTP header as one carrying authentication material and thus doesn't strip the header on cross-origin redirects. Because this is a highly unlikely scenario, we believe the severity of this vulnerability is low for almost all users. Out of an abundance of caution urllib3 will automatically strip the `Proxy-Authorization` header during cross-origin redirects to avoid the small chance that users are doing this on accident. Users should use urllib3's proxy support or disable auto | CVSS3: 4.4 | 0% Low | about 1 year ago |
CVE-2024-37891 | | CVSS3: 4.4 | 0% Low | 7 months ago |
CVE-2024-37891 | urllib3 is a user-friendly HTTP client library for Python. When using ... | CVSS3: 4.4 | 0% Low | about 1 year ago |
CVE-2024-6345 | A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system. The issue is fixed in version 70.0. | CVSS3: 8.8 | 0% Low | 11 months ago |
CVE-2024-6345 | A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system. The issue is fixed in version 70.0. | CVSS3: 8.8 | 0% Low | 11 months ago |
CVE-2024-6345 | A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system. The issue is fixed in version 70.0. | CVSS3: 8.8 | 0% Low | 11 months ago |
CVE-2024-6345 | | CVSS3: 8.8 | 0% Low | 8 months ago |
CVE-2024-6345 | A vulnerability in the package_index module of pypa/setuptools version ... | CVSS3: 8.8 | 0% Low | 11 months ago |
SUSE-SU-2024:4358-1 | Security update for python-urllib3_1 | | 0% Low | 6 months ago |
SUSE-SU-2024:2879-1 | Security update for python-urllib3 | | 0% Low | 10 months ago |
SUSE-SU-2024:2662-1 | Security update for python-urllib3 | | 0% Low | 11 months ago |
SUSE-SU-2024:2320-1 | Security update for python-urllib3 | | 0% Low | 12 months ago |
ROS-20241211-11 | python3-urllib3 vulnerability | CVSS3: 4.4 | 0% Low | 6 months ago |
RLSA-2024:8843 | Moderate: python3.11-urllib3 security update | | 0% Low | 7 months ago |
RLSA-2024:8842 | Moderate: python3.12-urllib3 security update | | 0% Low | 7 months ago |