Количество 7
Количество 7
CVE-2018-25091
urllib3 before 1.24.2 does not remove the authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the authorization header to be exposed to unintended hosts or transmitted in cleartext. NOTE: this issue exists because of an incomplete fix for CVE-2018-20060 (which was case-sensitive).
CVE-2018-25091
urllib3 before 1.24.2 does not remove the authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the authorization header to be exposed to unintended hosts or transmitted in cleartext. NOTE: this issue exists because of an incomplete fix for CVE-2018-20060 (which was case-sensitive).
CVE-2018-25091
urllib3 before 1.24.2 does not remove the authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the authorization header to be exposed to unintended hosts or transmitted in cleartext. NOTE: this issue exists because of an incomplete fix for CVE-2018-20060 (which was case-sensitive).
CVE-2018-25091
urllib3 before 1.24.2 does not remove the authorization HTTP header wh ...
GHSA-gwvm-45gx-3cf8
Authorization Header forwarded on redirect
BDU:2024-09054
Уязвимость HTTP библиотеки для Python Urllib3, связанная с использованием открытой переадресации, позволяющая нарушителю получить доступ к конфиденциальным данным и нарушить их целостность
ELSA-2024-2988
ELSA-2024-2988: container-tools:ol8 security update (MODERATE)
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2018-25091 urllib3 before 1.24.2 does not remove the authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the authorization header to be exposed to unintended hosts or transmitted in cleartext. NOTE: this issue exists because of an incomplete fix for CVE-2018-20060 (which was case-sensitive). | CVSS3: 6.1 | 0% Низкий | больше 1 года назад |
 | CVE-2018-25091 urllib3 before 1.24.2 does not remove the authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the authorization header to be exposed to unintended hosts or transmitted in cleartext. NOTE: this issue exists because of an incomplete fix for CVE-2018-20060 (which was case-sensitive). | CVSS3: 6.1 | 0% Низкий | больше 1 года назад |
 | CVE-2018-25091 urllib3 before 1.24.2 does not remove the authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the authorization header to be exposed to unintended hosts or transmitted in cleartext. NOTE: this issue exists because of an incomplete fix for CVE-2018-20060 (which was case-sensitive). | CVSS3: 6.1 | 0% Низкий | больше 1 года назад |
| CVE-2018-25091 urllib3 before 1.24.2 does not remove the authorization HTTP header wh ... | CVSS3: 6.1 | 0% Низкий | больше 1 года назад |
| GHSA-gwvm-45gx-3cf8 Authorization Header forwarded on redirect | CVSS3: 6.1 | 0% Низкий | больше 1 года назад |
 | BDU:2024-09054 Уязвимость HTTP библиотеки для Python Urllib3, связанная с использованием открытой переадресации, позволяющая нарушителю получить доступ к конфиденциальным данным и нарушить их целостность | CVSS3: 6.1 | 0% Низкий | больше 6 лет назад |
| ELSA-2024-2988 ELSA-2024-2988: container-tools:ol8 security update (MODERATE) | около 1 года назад |
Уязвимостей на страницу