PyPi: Urllib3

CVE-2018-25091

Safety vulnerability ID: 71562

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Oct 15, 2023 Updated at Dec 10, 2024
Scan your Python projects for vulnerabilities →

Advisory

Affected versions of urllib3 affected versions are vulnerable due to an issue where the authorization HTTP header is not removed when following a cross-origin redirect. This can result in credentials within the authorization header being exposed to unintended hosts or transmitted in cleartext. This vulnerability exists because of an incomplete fix for CVE-2018-20060, which addressed a similar issue case-sensitively.

Affected package

urllib3

Latest version: 2.2.3

HTTP library with thread-safe connection pooling, file post, and more.

Affected versions

Fixed versions

Vulnerability changelog

This vulnerability has no description

Resources

Use this package?

Scan your Python project for dependency vulnerabilities in two minutes

Scan your application

Severity Details

CVSS Base Score

MEDIUM 6.1

CVSS v3 Details

MEDIUM 6.1
Attack Vector (AV)
NETWORK
Attack Complexity (AC)
LOW
Privileges Required (PR)
NONE
User Interaction (UI)
REQUIRED
Scope (S)
CHANGED
Confidentiality Impact (C)
LOW
Integrity Impact (I)
LOW
Availability Availability (A)
NONE