80 matches found
Ubuntu 22.04 LTS / 24.04 LTS : urllib3 vulnerabilities (USN-8379-1)
The remote Ubuntu 22.04 LTS / 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8379-1 advisory. It was discovered that urllib3 incorrectly handled cross-origin redirects in ProxyManager. A remote attacker could possibly use this issue to...
OESA-2026-2300 python-urllib3 security update
HTTP library with thread-safe connection pooling, file post support, sanity friendly, and more. Security Fixes: urllib3 is an HTTP client library for Python. From 1.23 to before 2.7.0, cross-origin redirects followed from the low-level API via ProxyManager.connectionfromurl.urlopen...,...
SUSE CVE-2026-44431
urllib3 is an HTTP client library for Python. From 1.23 to before 2.7.0, cross-origin redirects followed from the low-level API via ProxyManager.connectionfromurl.urlopen..., assertsamehost=False still forward these sensitive headers. This vulnerability is fixed in 2.7.0...
Linux Distros Unpatched Vulnerability : CVE-2026-44431
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - urllib3 is an HTTP client library for Python. From 1.23 to before 2.7.0, cross-origin redirects followed from the low-level API via...
PYSEC-2026-141
urllib3 is an HTTP client library for Python. From 1.23 to before 2.7.0, cross-origin redirects followed from the low-level API via ProxyManager.connectionfromurl.urlopen..., assertsamehost=False still forward these sensitive headers. This vulnerability is fixed in 2.7.0...
PYSEC-2026-141
urllib3 is an HTTP client library for Python. From 1.23 to before 2.7.0, cross-origin redirects followed from the low-level API via ProxyManager.connectionfromurl.urlopen..., assertsamehost=False still forward these sensitive headers. This vulnerability is fixed in 2.7.0...
CVE-2026-44431
urllib3 is an HTTP client library for Python. From 1.23 to before 2.7.0, cross-origin redirects followed from the low-level API via ProxyManager.connectionfromurl.urlopen..., assertsamehost=False still forward these sensitive headers. This vulnerability is fixed in 2.7.0...
DEBIAN-CVE-2026-44431
urllib3 is an HTTP client library for Python. From 1.23 to before 2.7.0, cross-origin redirects followed from the low-level API via ProxyManager.connectionfromurl.urlopen..., assertsamehost=False still forward these sensitive headers. This vulnerability is fixed in 2.7.0...
UBUNTU-CVE-2026-44431
urllib3 is an HTTP client library for Python. From 1.23 to before 2.7.0, cross-origin redirects followed from the low-level API via ProxyManager.connectionfromurl.urlopen..., assertsamehost=False still forward these sensitive headers. This vulnerability is fixed in 2.7.0...
CVE-2026-44431
urllib3 is an HTTP client library for Python. From 1.23 to before 2.7.0, cross-origin redirects followed from the low-level API via ProxyManager.connectionfromurl.urlopen..., assertsamehost=False still forward these sensitive headers. This vulnerability is fixed in 2.7.0...
CVE-2026-44431 urllib3: Sensitive headers forwarded across origins in proxied low-level redirects
urllib3 is an HTTP client library for Python. From 1.23 to before 2.7.0, cross-origin redirects followed from the low-level API via ProxyManager.connectionfromurl.urlopen..., assertsamehost=False still forward these sensitive headers. This vulnerability is fixed in 2.7.0...
CVE-2026-44431 urllib3: Sensitive headers forwarded across origins in proxied low-level redirects
urllib3 is an HTTP client library for Python. From 1.23 to before 2.7.0, cross-origin redirects followed from the low-level API via ProxyManager.connectionfromurl.urlopen..., assertsamehost=False still forward these sensitive headers. This vulnerability is fixed in 2.7.0...
CVE-2026-44431
CVE-2026-44431 affects urllib3 (Python HTTP client). From versions 1.23 up to, but not including, 2.7.0, cross-origin redirects followed by the low‑level API via ProxyManager.connection_from_url().urlopen(..., assert_same_host=False) still forward sensitive headers. This constitutes a leakage of ...
CVE-2026-44431
urllib3 is an HTTP client library for Python. From 1.23 to before 2.7.0, cross-origin redirects followed from the low-level API via ProxyManager.connectionfromurl.urlopen..., assertsamehost=False still forward these sensitive headers. This vulnerability is fixed in 2.7.0...
CVE-2026-44431
urllib3 is an HTTP client library for Python. From 1.23 to before 2.7.0, cross-origin redirects followed from the low-level API via ProxyManager.connectionfromurl.urlopen..., assertsamehost=False still forward these sensitive headers. This vulnerability is fixed in 2.7.0...
CVE-2026-44431
urllib3 is an HTTP client library for Python. From 1.23 to before 2.7.0, cross-origin redirects followed from the low-level API via ProxyManager.connectionfromurl.urlopen..., assertsamehost=False still forward these sensitive headers. This vulnerability is fixed in 2.7.0...
urllib3 信息泄露漏洞
urllib3 is an open-source Python HTTP library developed by urllib3. This product features a thread-safe connection pool and support for file publishing. Prior to version 1.23 to 2.7.0 of urllib3, there was a vulnerability involving information leakage. This vulnerability stemmed from the ability ...
GHSA-QCCP-GFCP-XXVC urllib3: Sensitive headers forwarded across origins in proxied low-level redirects
Impact When following cross-origin redirects for requests made using urllib3’s high-level APIs, such as urllib3.request, PoolManager.request, and ProxyManager.request, sensitive headers — Authorization, Cookie, and Proxy-Authorization defined in Retry.DEFAULTREMOVEHEADERSONREDIRECT — are stripped...
urllib3: Sensitive headers forwarded across origins in proxied low-level redirects
Impact When following cross-origin redirects for requests made using urllib3’s high-level APIs, such as urllib3.request, PoolManager.request, and ProxyManager.request, sensitive headers — Authorization, Cookie, and Proxy-Authorization defined in Retry.DEFAULTREMOVEHEADERSONREDIRECT — are stripped...
Insertion of Sensitive Information Into Sent Data
Overview urllib3 is a HTTP library with thread-safe connection pooling, file post, and more. Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data in urlopen when using ProxyManager.connectionfromurl with assertsamehost=False, directly rather than v...