Safety vulnerability ID: 61979
The information on this page was manually curated by our Cybersecurity Intelligence Team.
Affected versions of urllib3 improperly handle the request body on HTTP redirects. urllib3 did not automatically remove the request body when a redirect changed the method from POST to GET, so sensitive data in request bodies may be exposed if a compromised origin service redirects using 301, 302, or 303. Exploitability is low. Users should update to 1.26.18 or 2.0.7, or disable automatic redirects with redirect=False.
Latest version: 2.12.915
urllib3.future is a powerful HTTP 1.1, 2, and 3 client with both sync and async interfaces
====================
- Fixed an issue where streaming response did not yield data until the stream was closed.
- Unified the peercert/issuercert dict output format in ConnectionInfo when using HTTP/3.
- The body is now stripped from HTTP requests whose method is changed to GET after an HTTP 303 "See Other" redirect response.
  The headers ``content-encoding, content-language, content-location, content-type, content-length, digest, last-modified`` are
  also stripped in that case.
  Port of the security fix GHSA-g4mx-q9vg-27p4.
- ``_TYPE_BODY`` now accepts ``Iterable[str]`` in addition to ``Iterable[bytes]``.
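
The redirect handling described in the 303 changelog entry above, as an added example (not urllib3.future's own code): a simplified model in which only a 303 response rewrites the method to GET, shown with and without the body stripping. The function name `follow_redirect`, the `strip_body` switch and the sample request are constructed for illustration.

```python
# Headers the changelog entry lists as stripped together with the body.
BODY_HEADERS = frozenset({
    "content-encoding", "content-language", "content-location",
    "content-type", "content-length", "digest", "last-modified",
})


def follow_redirect(method, headers, body, status, strip_body=True):
    """Return (method, headers, body) for the request sent to the redirect target.

    Simplified model (an assumption, not the library's implementation):
    only a 303 response rewrites the method to GET; any other status
    replays the request unchanged. strip_body=False reproduces the
    pre-fix behaviour, where the body followed the rewritten request.
    """
    if status != 303:
        return method, dict(headers), body
    if not strip_body:
        # Pre-fix: the method becomes GET but body and body headers ride along.
        return "GET", dict(headers), body
    # Fixed: drop the body and every header that describes it (case-insensitive).
    kept = {k: v for k, v in headers.items() if k.lower() not in BODY_HEADERS}
    return "GET", kept, None


# Constructed sample request: a form POST answered with 303 See Other.
SAMPLE_BODY = b"user=alice&password=constructed"
SAMPLE_HEADERS = {
    "Content-Type": "application/x-www-form-urlencoded",
    "Content-Length": str(len(SAMPLE_BODY)),
    "Accept": "*/*",
}


def demo():
    """Return the follow-up request before and after the fix."""
    before = follow_redirect("POST", SAMPLE_HEADERS, SAMPLE_BODY, 303, strip_body=False)
    after = follow_redirect("POST", SAMPLE_HEADERS, SAMPLE_BODY, 303)
    return before, after


if __name__ == "__main__":
    for label, (method, headers, body) in zip(("pre-fix", "fixed"), demo()):
        print(label, method, sorted(headers), body)
```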