RedHatRHSA-2024:2986

HistoryMay 22, 2024 - 6:35 a.m.

(RHSA-2024:2986) Moderate: python3.11-urllib3 security update

Vulners
Redhat
(RHSA-2024:2986) Moderate: python3.11-urllib3 security update

2024-05-2206:35:16

access.redhat.com

rhsa-2024

moderate

python-urllib3

security

update

cve-2023-43804

red hat enterprise linux 8.10

6.9 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

36.3%

JSON

The python-urllib3 package provides the Python HTTP module with connection pooling and file POST abilities.

Security Fix(es):

python-urllib3: Cookie request header isn’t stripped during cross-origin redirects (CVE-2023-43804)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.10 Release Notes linked from the References section.

OSVersionArchitecturePackageVersionFilename
RedHat8noarchpython3.11-urllib3< 1.26.12-2.el8python3.11-urllib3-1.26.12-2.el8.noarch.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	8	noarch	python3.11-urllib3	< 1.26.12-2.el8	python3.11-urllib3-1.26.12-2.el8.noarch.rpm

ibm 25

f5 1

openvas 24

osv 16

almalinux 8

rocky 2

debiancve 1

nessus 68

cve 1

cbl_mariner 1

oraclelinux 8

wolfi 1

prion 1

redhat 20

github 1

redos 2

fedora 3

cgr 1

githubexploit 2

cvelist 1

alpinelinux 1

ubuntucve 1

nvd 1

redhatcve 1

veracode 1

aix 1

photon 2

cloudfoundry 1

ubuntu 2

debian 1

ibm

Security Bulletin: IBM Maximo Application Suite uses urllib3-1.26.14-py2.py3-none-any.whl which is vulnerable to CVE-2023-43804.

2024-02-06 09:15:42

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to urllib3 sensitive information discolsure vulnerabilitiy [ CVE-2023-43804]

2024-02-05 20:00:23

Security Bulletin: Vulnerability in urllib3 affects IBM Process Mining CVE-2023-43804

2024-01-05 16:45:02

K000138600 : Python vulnerability CVE-2023-43804

2024-02-13 00:00:00

openvas

Huawei EulerOS: Security Advisory for python-pip (EulerOS-SA-2024-1046)

2024-01-05 00:00:00

Huawei EulerOS: Security Advisory for python-urllib3 (EulerOS-SA-2023-3348)

2023-12-12 00:00:00

Fedora: Security Advisory for python-urllib3 (FEDORA-2023-0806784f24)

2023-10-16 00:00:00

osv

Moderate: python3.11-urllib3 security update

2024-04-30 00:00:00

Moderate: python3.11-urllib3 security update

2024-06-14 13:59:30

CVE-2023-43804

2023-10-04 17:15:10

almalinux

Moderate: python3.11-urllib3 security update

2024-05-22 00:00:00

Moderate: python3.11-urllib3 security update

2024-04-30 00:00:00

Moderate: python-urllib3 security update

2024-01-10 00:00:00

rocky

python3.11-urllib3 security update

2024-06-14 13:59:30

python39:3.9 and python39-devel:3.9 security update

2024-06-14 13:59:30

debiancve

CVE-2023-43804

2023-10-04 17:15:10

nessus

EulerOS 2.0 SP9 : python-pip (EulerOS-SA-2023-3315)

2024-01-16 00:00:00

EulerOS 2.0 SP9 : python-urllib3 (EulerOS-SA-2023-3316)

2024-01-16 00:00:00

RHEL 7 : python-urllib3 (Unpatched Vulnerability)

2024-05-11 00:00:00

cve

CVE-2023-43804

2023-10-04 17:15:10

cbl_mariner

CVE-2023-43804 affecting package python-urllib3 for versions less than 1.26.18-1

2023-11-08 02:07:28

oraclelinux

python3.11-urllib3 security update

2024-05-23 00:00:00

python3.11-urllib3 security update

2024-05-02 00:00:00

python-urllib3 security update

2024-01-25 00:00:00

wolfi

CVE-2023-43804 vulnerabilities

2024-06-24 09:08:26

prion

Information disclosure

2023-10-04 17:15:00

redhat

(RHSA-2024:2159) Moderate: python3.11-urllib3 security update

2024-04-30 06:14:54

(RHSA-2024:0187) Moderate: Red Hat OpenStack Platform 17.1 (python-urllib3) security update

2024-01-16 14:14:01

(RHSA-2024:0588) Moderate: python-urllib3 security update

2024-01-30 12:53:27

github

`Cookie` HTTP header isn't stripped on cross-origin redirects

2023-10-02 23:27:05

redos

ROS-20240405-02

2024-04-05 00:00:00

ROS-20240412-04

2024-04-12 00:00:00

fedora

[SECURITY] Fedora 37 Update: python-urllib3-1.26.17-1.fc37

2023-10-13 01:33:52

[SECURITY] Fedora 38 Update: python-urllib3-1.26.17-1.fc38

2023-10-11 01:37:16

[SECURITY] Fedora 39 Update: python-urllib3-1.26.18-1.fc39

2023-11-03 19:01:21

cgr

CVE-2023-43804 vulnerabilities

2024-05-19 03:07:16

githubexploit

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Python Urllib3

2023-10-13 06:15:45

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Python Urllib3

2023-10-13 06:15:45

cvelist

CVE-2023-43804 `Cookie` HTTP header isn't stripped on cross-origin redirects

2023-10-04 16:01:50

alpinelinux

CVE-2023-43804

2023-10-04 17:15:10

ubuntucve

CVE-2023-43804

2023-10-04 00:00:00

nvd

CVE-2023-43804

2023-10-04 17:15:10

redhatcve

CVE-2023-43804

2023-10-10 04:25:25

veracode

Information Disclosure

2023-10-06 12:09:49

aix

AIX is affected by multiple vulnerabilities due to Python

2023-12-21 08:42:03

photon

Important Photon OS Security Update - PHSA-2023-4.0-0519

2023-11-23 00:00:00

Important Photon OS Security Update - PHSA-2023-5.0-0155

2023-11-25 00:00:00

cloudfoundry

USN-6473-1: urllib3 vulnerabilities | Cloud Foundry

2023-11-09 00:00:00

ubuntu

pip vulnerabilities

2023-11-15 00:00:00

urllib3 vulnerabilities

2023-11-07 00:00:00

debian

[SECURITY] [DLA 3610-1] python-urllib3 security update

2023-10-08 11:06:20

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

(RHSA-2024:2986) Moderate: python3.11-urllib3 security update

Related