88 matches found
python-urllib3: Cookie request header isn't stripped during cross-origin redirects
A flaw was found in urllib3, a user-friendly HTTP client library for Python. urllib3 doesn't treat the Cookie HTTP header special or provide any helpers for managing cookies over HTTP, which is the responsibility of the user. However, it is possible for a user to specify a Cookie header and...
RHEL 9 : fence-agents (RHSA-2023:7753)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7753 advisory. The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or...
Huawei EulerOS: Security Advisory for python-pip (EulerOS-SA-2023-3347)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
RHEL 8 : fence-agents (RHSA-2023:7407)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7407 advisory. The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or...
[SECURITY] [DLA 3649-1] python-urllib3 security update
Debian LTS Advisory DLA-3649-1 [email protected] https://www.debian.org/lts/security/ Sean Whitton November 08, 2023 https://wiki.debian.org/LTS Package : python-urllib3 Version : 1.24.1-1+deb10u2 CVE ID : CVE-2023-43803 Debian Bug : 1054226 It was discovered that python-urllib3, a...
RHEL 8 : fence-agents (RHSA-2023:6812)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:6812 advisory. The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or...
Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS / 22.04 LTS / 23.04 / 23.10 : urllib3 vulnerabilities (USN-6473-1)
The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS / 22.04 LTS / 23.04 / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6473-1 advisory. It was discovered that urllib3 didn't strip HTTP Authorization header on cross-origin redirects. A...
Fedora 37 : python-urllib3 (2023-dede912109)
The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-dede912109 advisory. Update to 1.26.18. Mitigates CVE-2023-45803 / GHSA-g4mx-q9vg-27p4. Ref: https://github.com/advisories/GHSA-g4mx-q9vg-27p4 Tenable has extracted the preceding...
CVE-2023-45803
A flaw was found in urllib3, an HTTP client library for Python. urllib3 doesn't remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303, after changing the method in a request from one that could accept a request body such as POST to GET, as is required by HTTP...
CVE-2023-45803
urllib3 is a user-friendly HTTP client library for Python. urllib3 previously wouldn't remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303 after the request had its method changed from one that could accept a request body like POST to GET as is required by HT...
CVE-2023-45803
CVE-2023-45803 affects the Python urllib3 library. The issue arises when handling HTTP redirects (301/302/303) after a request’s method changes from something that can carry a body (e.g., POST) to GET, where urllib3 previously did not remove the HTTP request body. This could allow leakage of sens...
Fedora 37 : python-urllib3 (2023-0806784f24)
The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-0806784f24 advisory. Update to 1.26.17: fix CVE-2023-43804 GHSA-v845-jxx5-vc9f Tenable has extracted the preceding description block directly from the Fedora security advisory...
Fedora 38 : python-urllib3 (2023-8f53bfe088)
The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-8f53bfe088 advisory. Update to 1.26.17: fix CVE-2023-43804 GHSA-v845-jxx5-vc9f Tenable has extracted the preceding description block directly from the Fedora security advisory...
CVE-2023-43804
A flaw was found in urllib3, a user-friendly HTTP client library for Python. urllib3 doesn't treat the Cookie HTTP header special or provide any helpers for managing cookies over HTTP, which is the responsibility of the user. However, it is possible for a user to specify a Cookie header and...
CVE-2023-43804
urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the Cookie HTTP header special or provide any helpers for managing cookies over HTTP, that is the responsibility of the user. However, it is possible for a user to specify a Cookie header and unknowingly leak...
CVE-2023-43804
urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the Cookie HTTP header special or provide any helpers for managing cookies over HTTP, that is the responsibility of the user. However, it is possible for a user to specify a Cookie header and unknowingly leak...
CVE-2023-43804
CVE-2023-43804 affects the Python urllib3 library, where a Cookie header may be leaked across cross-origin redirects if redirects are not disabled. The issue is resolved in urllib3 1.26.17 or 2.0.5. Affected environments are confirmed in multiple reports, including AlmaLinux and Brocade advisorie...
aiohttp.web.Application vulnerable to HTTP request smuggling via llhttp HTTP request parser
Impact aiohttp v3.8.4 and earlier are bundled with llhttp v6.0.6 which is vulnerable to CVE-2023-30589. The vulnerable code is used by aiohttp for its HTTP request parser when available which is the default case when installing from a wheel. This vulnerability only affects users of aiohttp as an...
CVE-2023-37276 aiohttp vulnerable to HTTP request smuggling
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. aiohttp v3.8.4 and earlier are bundled with llhttp v6.0.6. Vulnerable code is used by aiohttp for its HTTP request parser when available which is the default case when installing from a wheel. This vulnerability only...
RHEL 8 : Red Hat OpenStack Platform 16.1.6 (python-httplib2) (RHSA-2021:2116)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:2116 advisory. A comprehensive HTTP client library that supports many features left out of other HTTP libraries. Security Fixes: CRLF injection via an...