Lucene search
K

88 matches found

RedHat Linux
RedHat Linux
added 2023/12/14 4:30 p.m.3 views

python-urllib3: Cookie request header isn't stripped during cross-origin redirects

A flaw was found in urllib3, a user-friendly HTTP client library for Python. urllib3 doesn't treat the Cookie HTTP header special or provide any helpers for managing cookies over HTTP, which is the responsibility of the user. However, it is possible for a user to specify a Cookie header and...

8.1CVSS6.8AI score0.01207EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2023/12/12 12:0 a.m.34 views

RHEL 9 : fence-agents (RHSA-2023:7753)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7753 advisory. The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or...

9.8CVSS7.4AI score0.01207EPSS
Exploits0References7
OpenVAS
OpenVAS
added 2023/12/12 12:0 a.m.20 views

Huawei EulerOS: Security Advisory for python-pip (EulerOS-SA-2023-3347)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.1CVSS8.4AI score0.01207EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/11/21 12:0 a.m.39 views

RHEL 8 : fence-agents (RHSA-2023:7407)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7407 advisory. The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or...

9.8CVSS7.4AI score0.01207EPSS
Exploits0References7
Debian
Debian
added 2023/11/08 12:6 p.m.19 views

[SECURITY] [DLA 3649-1] python-urllib3 security update

Debian LTS Advisory DLA-3649-1 [email protected] https://www.debian.org/lts/security/ Sean Whitton November 08, 2023 https://wiki.debian.org/LTS Package : python-urllib3 Version : 1.24.1-1+deb10u2 CVE ID : CVE-2023-43803 Debian Bug : 1054226 It was discovered that python-urllib3, a...

7.1CVSS6.8AI score0.00326EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2023/11/08 12:0 a.m.50 views

RHEL 8 : fence-agents (RHSA-2023:6812)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:6812 advisory. The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or...

9.8CVSS7.4AI score0.01207EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2023/11/07 12:0 a.m.39 views

Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS / 22.04 LTS / 23.04 / 23.10 : urllib3 vulnerabilities (USN-6473-1)

The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS / 22.04 LTS / 23.04 / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6473-1 advisory. It was discovered that urllib3 didn't strip HTTP Authorization header on cross-origin redirects. A...

8.1CVSS7.3AI score0.01207EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2023/11/03 12:0 a.m.26 views

Fedora 37 : python-urllib3 (2023-dede912109)

The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-dede912109 advisory. Update to 1.26.18. Mitigates CVE-2023-45803 / GHSA-g4mx-q9vg-27p4. Ref: https://github.com/advisories/GHSA-g4mx-q9vg-27p4 Tenable has extracted the preceding...

4.2CVSS7AI score0.00544EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2023/10/29 2:55 p.m.46 views

CVE-2023-45803

A flaw was found in urllib3, an HTTP client library for Python. urllib3 doesn't remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303, after changing the method in a request from one that could accept a request body such as POST to GET, as is required by HTTP...

4.2CVSS6.1AI score0.00544EPSS
Exploits0References6
UbuntuCve
UbuntuCve
added 2023/10/17 8:15 p.m.110 views

CVE-2023-45803

urllib3 is a user-friendly HTTP client library for Python. urllib3 previously wouldn't remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303 after the request had its method changed from one that could accept a request body like POST to GET as is required by HT...

4.2CVSS6.6AI score0.00544EPSS
Exploits0References7
CVE
CVE
added 2023/10/17 7:43 p.m.668 views

CVE-2023-45803

CVE-2023-45803 affects the Python urllib3 library. The issue arises when handling HTTP redirects (301/302/303) after a request’s method changes from something that can carry a body (e.g., POST) to GET, where urllib3 previously did not remove the HTTP request body. This could allow leakage of sens...

4.2CVSS6.6AI score0.00544EPSS
Exploits0References7Affected Software1
Tenable Nessus
Tenable Nessus
added 2023/10/12 12:0 a.m.21 views

Fedora 37 : python-urllib3 (2023-0806784f24)

The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-0806784f24 advisory. Update to 1.26.17: fix CVE-2023-43804 GHSA-v845-jxx5-vc9f Tenable has extracted the preceding description block directly from the Fedora security advisory...

8.1CVSS7.3AI score0.01207EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/10/11 12:0 a.m.22 views

Fedora 38 : python-urllib3 (2023-8f53bfe088)

The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-8f53bfe088 advisory. Update to 1.26.17: fix CVE-2023-43804 GHSA-v845-jxx5-vc9f Tenable has extracted the preceding description block directly from the Fedora security advisory...

8.1CVSS7.3AI score0.01207EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2023/10/10 4:25 a.m.78 views

CVE-2023-43804

A flaw was found in urllib3, a user-friendly HTTP client library for Python. urllib3 doesn't treat the Cookie HTTP header special or provide any helpers for managing cookies over HTTP, which is the responsibility of the user. However, it is possible for a user to specify a Cookie header and...

5.9CVSS7.5AI score0.01207EPSS
Exploits0References3
NVD
NVD
added 2023/10/04 5:15 p.m.21 views

CVE-2023-43804

urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the Cookie HTTP header special or provide any helpers for managing cookies over HTTP, that is the responsibility of the user. However, it is possible for a user to specify a Cookie header and unknowingly leak...

8.1CVSS7AI score0.01207EPSS
Exploits0References10
AlpineLinux
AlpineLinux
added 2023/10/04 4:1 p.m.58 views

CVE-2023-43804

urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the Cookie HTTP header special or provide any helpers for managing cookies over HTTP, that is the responsibility of the user. However, it is possible for a user to specify a Cookie header and unknowingly leak...

8.1CVSS8.4AI score0.01207EPSS
Exploits0
CVE
CVE
added 2023/10/04 4:1 p.m.921 views

CVE-2023-43804

CVE-2023-43804 affects the Python urllib3 library, where a Cookie header may be leaked across cross-origin redirects if redirects are not disabled. The issue is resolved in urllib3 1.26.17 or 2.0.5. Affected environments are confirmed in multiple reports, including AlmaLinux and Brocade advisorie...

8.1CVSS8AI score0.01207EPSS
Exploits0References10Affected Software1
Github Security Blog
Github Security Blog
added 2023/07/20 2:52 p.m.67 views

aiohttp.web.Application vulnerable to HTTP request smuggling via llhttp HTTP request parser

Impact aiohttp v3.8.4 and earlier are bundled with llhttp v6.0.6 which is vulnerable to CVE-2023-30589. The vulnerable code is used by aiohttp for its HTTP request parser when available which is the default case when installing from a wheel. This vulnerability only affects users of aiohttp as an...

7.5CVSS6.8AI score0.03906EPSS
Exploits2References9Affected Software1
Cvelist
Cvelist
added 2023/07/19 7:39 p.m.53 views

CVE-2023-37276 aiohttp vulnerable to HTTP request smuggling

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. aiohttp v3.8.4 and earlier are bundled with llhttp v6.0.6. Vulnerable code is used by aiohttp for its HTTP request parser when available which is the default case when installing from a wheel. This vulnerability only...

5.3CVSS7.6AI score0.01422EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2021/05/27 12:0 a.m.129 views

RHEL 8 : Red Hat OpenStack Platform 16.1.6 (python-httplib2) (RHSA-2021:2116)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:2116 advisory. A comprehensive HTTP client library that supports many features left out of other HTTP libraries. Security Fixes: CRLF injection via an...

7.5CVSS7.2AI score0.03876EPSS
Exploits1References7
Rows per page
Query Builder