Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatcveRedhat.comRH:CVE-2024-37891
HistoryJun 17, 2024 - 11:21 p.m.

CVE-2024-37891

2024-06-1723:21:38
redhat.com
access.redhat.com
4
cve-2024-37891
information security
cve

4.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N

4.5 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

A flaw was found in urllib3, an HTTP client library for Python. In certain configurations, urllib3 does not treat the Proxy-Authorization HTTP header as one carrying authentication material. This issue results in not stripping the header on cross-origin redirects.

Related

veracode 1
osv 15
ubuntucve 1
github 1
nessus 1
wolfi 1
cvelist 1
debiancve 1
vulnrichment 1
nvd 1
cve 1
veracode
veracode
Sensitive Information Disclosure
2024-06-18 04:57:38
osv
osv
CGA-8f64-fgpv-jxj2
2024-06-20 11:34:04
CGA-w3h9-h7jv-6q22
2024-06-21 16:23:00
CGA-rqhm-766h-p289
2024-06-19 07:36:10
ubuntucve
ubuntucve
CVE-2024-37891
2024-06-17 00:00:00
github
github
urllib3's Proxy-Authorization request header isn't stripped during cross-origin redirects
2024-06-17 21:37:20
nessus
nessus
urllib3 Python Library < 1.26.19, < 2.2.2 (CVE-2024-37891)
2024-06-21 00:00:00
wolfi
wolfi
CVE-2024-37891 vulnerabilities
2024-06-26 15:33:03
cvelist
cvelist
CVE-2024-37891 Proxy-Authorization request header isn't stripped during cross-origin redirects in urllib3
2024-06-17 19:18:32
debiancve
debiancve
CVE-2024-37891
2024-06-17 20:15:13
vulnrichment
vulnrichment
CVE-2024-37891 Proxy-Authorization request header isn't stripped during cross-origin redirects in urllib3
2024-06-17 19:18:32
nvd
nvd
CVE-2024-37891
2024-06-17 20:15:13
cve
cve
CVE-2024-37891
2024-06-17 20:15:13

4.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N

4.5 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON
Related for RH:CVE-2024-37891
veracode1osv15ubuntucve1github1nessus1wolfi1cvelist1debiancve1vulnrichment1nvd1cve1