SUSE-SU-2023:4064-1 Security update for python-urllib3

This update for python-urllib3 fixes the following issues: - CVE-2023-43804: Fixed a potential cookie leak via HTTP redirect if the user manually set the corresponding header bsc1215968...

Fedora: Security Advisory for python-urllib3 (FEDORA-2023-8f53bfe088)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora 37 : python-urllib3 (2023-0806784f24)

The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-0806784f24 advisory. Update to 1.26.17: fix CVE-2023-43804 GHSA-v845-jxx5-vc9f Tenable has extracted the preceding description block directly from the Fedora security advisory...

Debian: Security Advisory (DLA-3610-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] [DLA 3610-1] python-urllib3 security update

Debian LTS Advisory DLA-3610-1 [email protected] https://www.debian.org/lts/security/ Guilhem Moulin October 08, 2023 https://wiki.debian.org/LTS Package : python-urllib3 Version : 1.24.1-1+deb10u1 CVE ID : CVE-2019-11236 CVE-2019-11324 CVE-2020-26137 CVE-2023-43804 Debian Bug : 927172...

DLA-3610-1 python-urllib3 - security update

Bulletin has no description...

Debian dla-3610 : python-urllib3 - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3610 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3610-1 [email protected]...

Oracle Linux 7 : python-urllib3 (ELSA-2019-2272)

The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2019-2272 advisory. - Add patch for CVE-2019-11236 Resolves: rhbz1703360 Tenable has extracted the preceding description block directly from the Oracle Linux security...

K000133668: Python urllib3 vulnerability CVE-2018-20060

Security Advisory Description urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect i.e., a redirect that differs in host, port, or scheme. This can allow for credentials in the Authorization header to be exposed to unintended hosts or...

K000133547: Python urllib3 vulnerability CVE-2020-26137

Security Advisory Description urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest. NOTE: this is similar to CVE-2020-26116. CVE-2020-26137 Impact An attacker may...

Ubuntu: Security Advisory (USN-5812-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-5812-1: urllib3 vulnerability

It was discovered that urllib3 incorrectly handled certain characters in URLs. A remote attacker could possibly use this issue to cause urllib3 to consume resources, leading to a denial of service...

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to CRLF injection in Python (CVE-2019-11236).

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to CRLF injection in Python urllib3, caused by improper validation of user-supplied input by the request parameter CVE-2019-11236. A remote attacker could exploit this vulnerability to conduct various attacks...

Ubuntu: Security Advisory (USN-3990-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Scientific Linux Security Update : python on SL7.x i686/x86_64 (2022:5235)

The remote Scientific Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the SLSA-2022:5235-1 advisory. - python: CRLF injection via HTTP request method in httplib/http.client CVE-2020-26116 - python-urllib3: CRLF injection via HTTP request method...

new packages: python-urllib3

An update is available for python-urllib3. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky Lin...

GHSA-R64Q-W8JR-G9QP Improper Neutralization of CRLF Sequences in urllib3 library for Python

In the urllib3 library through 1.24.2 for Python, CRLF injection is possible if the attacker controls the request parameter...

CVE-2021-33503 affecting package python-urllib3 for versions less than 1.25.9-3

CVE-2021-33503 affecting package python-urllib3 for versions less than 1.25.9-3. A patched version of the package is available...

AlmaLinux 8 : python-urllib3 (ALSA-2021:1631)

The remote AlmaLinux 8 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2021:1631 advisory. - urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the...

The vulnerability of the Python urllib3 HTTP client, related to uncontrolled resource consumption, allows a hacker to perform a denial-of-service attack.

The vulnerability of the HTTP client for Python urllib3 is related to uncontrolled resource consumption. Exploiting this vulnerability allows a remote attacker to perform a denial-of-service attack...