Low: python-urllib3

🗓️ 11 Jun 2019 00:00:00Reported by AmazonType

amazon

amazon🔗 alas.aws.amazon.com👁 233 Views

Update python-urllib3 to remove exposed credentials in cross-origin redirect

Reporter	Title	Published	Views	Family All 188
IBM Security Bulletins	Security Bulletin: IBM QRadar SIEM includes components with known vulnerabilities	6 Jul 202318:48	–	ibm
IBM Security Bulletins	Security Bulletin: IBM QRadar SIEM is vulnerable to using components with known vulnerabilities	27 Jan 202100:05	–	ibm
IBM Security Bulletins	Security Bulletin: IBM WebSphere Automation is vulnerable to multiple security vulnerabilites	27 Mar 202617:49	–	ibm
IBM Security Bulletins	Security Bulletin: IBM SOAR QRadar Plugin App is vulnerable to using components with known vulnerabilities	3 May 202419:55	–	ibm
Tenable Nessus	Amazon Linux 2 : python-urllib3 (ALAS-2019-1211)	21 May 201900:00	–	nessus
Tenable Nessus	Amazon Linux 2 : python-virtualenv (ALAS-2020-1413)	24 Apr 202000:00	–	nessus
Tenable Nessus	Amazon Linux AMI : python-urllib3 (ALAS-2019-1224)	14 Jun 201900:00	–	nessus
Tenable Nessus	CentOS 8 : python27:2.7 (CESA-2020:1605)	1 Feb 202100:00	–	nessus
Tenable Nessus	CentOS 8 : python-pip (CESA-2020:1916)	1 Feb 202100:00	–	nessus
Tenable Nessus	CentOS 7 : python-urllib3 (CESA-2019:2272)	30 Aug 201900:00	–	nessus

OS	OS Version	Architecture	Package	Package Version	Filename
Amazon Linux	1	any	python26-urllib3	1.24.1-1.6.amzn1	python26-urllib3-1.24.1-1.6.amzn1.noarch.rpm
Amazon Linux	1	any	python27-urllib3	1.24.1-1.6.amzn1	python27-urllib3-1.24.1-1.6.amzn1.noarch.rpm

13 Jun 2019 00:00Current

8.3High risk

Vulners AI Score8.3

CVSS 25

CVSS 39.8

EPSS0.00656

python-urllib3 update cross-origin_security exposed_credentials cleartext_transmission