PT-2025-49261

Name of the Vulnerable Software and Affected Versions urllib3 versions 1.0 through 2.5.16 Description urllib3 is a Python HTTP client library. Versions prior to 2.6.0 have an issue in the Streaming API where it improperly handles highly compressed data. The decompression logic can cause excessive...

Debian: Security Advisory (DLA-3998-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] [DLA 3998-1] python-urllib3 security update

Debian LTS Advisory DLA-3998-1 [email protected] https://www.debian.org/lts/security/ Guilhem Moulin December 21, 2024 https://wiki.debian.org/LTS Package : python-urllib3 Version : 1.26.5-1exp1+deb11u1 CVE ID : CVE-2023-43804 CVE-2023-45803 CVE-2024-37891 Debian Bug : 1053626 1054226...

Debian dla-3998 : python3-urllib3 - security update

The remote Debian 11 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-3998 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3998-1 [email protected]...

DLA-3998-1 python-urllib3 - security update

Bulletin has no description...

Security Bulletin: IBM Sterling Connect:Direct Web Service is vulnerable to multiple vulnerabilities due to python - urllib3

Summary IBM Sterling Connect:Direct Web Service uses python - urllib3 ,urllib3 could allow a remote authenticated attacker to obtain sensitive information, caused by the failure to strip the Proxy-Authorization header during cross-origin redirects. Vulnerability Details CVEID:CVE-2024-37891...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python-urllib3_1 (SUSE-SU-2024:4358-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2024:4358-1 advisory. - CVE-2024-37891: Fixed proxy-authorization request header not stripped during cross-origin redirects...

Moderate: Red Hat Security Advisory: python3.11-urllib3 security update

An update for python3.11-urllib3 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

Security update for python-urllib3_1

This update for python-urllib31 fixes the following issues: CVE-2024-37891: Fixed proxy-authorization request header not stripped during cross-origin redirects bsc1226469 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zyppe...

SUSE-SU-2024:4358-1 Security update for python-urllib3_1

This update for python-urllib31 fixes the following issues: - CVE-2024-37891: Fixed proxy-authorization request header not stripped during cross-origin redirects bsc1226469...

ALSA-2024:11238 Moderate: python3.11-urllib3 security update

The python-urllib3 package provides the Python HTTP module with connection pooling and file POST abilities. Security Fixes: urllib3: Request body not stripped after redirect from 303 status changes request method to GET CVE-2023-45803 For more details about the security issues, including the...

Moderate: python3.11-urllib3 security update

The python-urllib3 package provides the Python HTTP module with connection pooling and file POST abilities. Security Fixes: urllib3: Request body not stripped after redirect from 303 status changes request method to GET CVE-2023-45803 For more details about the security issues, including the...

ALSA-2024:11189 Moderate: python3.11-urllib3 security update

The python-urllib3 package provides the Python HTTP module with connection pooling and file POST abilities. Security Fixes: urllib3: Request body not stripped after redirect from 303 status changes request method to GET CVE-2023-45803 For more details about the security issues, including the...

The vulnerability of the HTTP client library for Python urllib3, related to improper resource transfer between components, allows attackers to gain unauthorized access to protected information.

The vulnerability of the HTTP client library for Python urllib3 is related to improper handling of the Proxy-Authorization header during redirects between sources. Exploiting this vulnerability can allow a remote attacker to gain unauthorized access to protected information...

ROS-20241211-11

A vulnerability in the HTTP client library for Python urllib3 is related to the fact that the Prox-Authorization header is not removed during source-to-source redirection when using proxy server support urllib3 with ProxyManager . Exploitation of the vulnerability could allow an attacker acting...

RHSA-2024:9985 Red Hat Security Advisory: RHOSP 17.1.4 (python-urllib3) security update

Bulletin has no description...

RHEL 8 : RHOSP 17.1.4 (python-urllib3) (RHSA-2024:9985)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:9985 advisory. Python HTTP module with connection pooling and file POST abilities. Security Fixes: proxy-authorization request header is not stripped during...

Moderate: Red Hat Security Advisory: RHOSP 17.1.4 (python-urllib3) security update

An update for python-urllib3 is now available for Red Hat OpenStack Platform RHOSP 17.1 Wallaby. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

Moderate: Red Hat Security Advisory: python3.11-urllib3 security update

An update for python3.11-urllib3 is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

Fedora 41 : python-urllib3 (2024-9283a3b879)

The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-9283a3b879 advisory. Automatic update for python-urllib3-1.26.19-1.fc41. Changelog Wed Jun 26 2024 Lumir Balhar - 1.26.19-1 - Update to 1.26.19 to fix CVE-2024-37891 rhbz2292790...