783 matches found
python-urllib3: CRLF injection via HTTP request method
A flaw was found in python-urllib3. The HTTPConnection.request does not properly validate CRLF sequences in the HTTP request method, potentially allowing manipulation of the request by injecting additional HTTP headers. The highest threat from this vulnerability is to confidentiality and integrit...
Moderate: Red Hat Security Advisory: python-urllib3 security update
An update for python-urllib3 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability...
new module: python39:3.9
An update is available for python-more-itertools, pytest, python-psycopg2, python-lxml, python-PyMySQL, python3x-six, python-toml, python-urllib3, PyYAML, python-attrs, python-iniconfig, python-requests, mod_wsgi, python3x-pip, python-py, python-chardet, python-pluggy, Cython, python-psutil,...
python-urllib3 security update
An update is available for python-urllib3. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The python-urllib3 package provides the Python HTTP module with...
RLSA-2021:1631 Moderate: python-urllib3 security update
The python-urllib3 package provides the Python HTTP module with connection pooling and file POST abilities. Security Fixes: python-urllib3: CRLF injection via HTTP request method (CVE-2020-26137). For more details about the security issues, including the impact, a CVSS score, acknowledgments, and...
Moderate: python-urllib3 security update
The python-urllib3 package provides the Python HTTP module with connection pooling and file POST abilities. Security Fixes: python-urllib3: CRLF injection via HTTP request method (CVE-2020-26137). For more details about the security issues, including the impact, a CVSS score, acknowledgments, and...
Huawei EulerOS: Security Advisory for python-urllib3 (EulerOS-SA-2021-1842)
The remote host is missing an update for the Huawei EulerOS...
EulerOS 2.0 SP3 : python-urllib3 (EulerOS-SA-2021-1842)
According to the version of the python-urllib3 package installed, the EulerOS installation on the remote host is affected by the following vulnerability: The urllib3 library before 1.24.2 for Python mishandles certain cases where the desired set of CA certificates is different from the OS stor...
python-urllib3: HTTPS proxy host name not validated when using default SSLContext
A flaw was found in python-urllib3. SSL certificate validation is omitted in some cases involving HTTPS to HTTPS proxies. The initial connection to the HTTPS proxy (if an SSLContext isn't given via proxy_config) doesn't verify the hostname of the certificate. This means certificates for different...
SUSE: Security Advisory (SUSE-SU-2021:0299-1)
The remote host is missing an update for the...
SUSE: Security Advisory (SUSE-SU-2021:0341-1)
The remote host is missing an update for the...
CVE-2021-28363
A flaw was found in python-urllib3. SSL certificate validation is omitted in some cases involving HTTPS to HTTPS proxies. The initial connection to the HTTPS proxy (if an SSLContext isn't given via proxy_config) doesn't verify the hostname of the certificate. This means certificates for different...
SUSE-SU-2021:0515-1 Security update for python-urllib3
This update for python-urllib3 fixes the following issues: - CVE-2020-26116: Raise ValueError if method contains control characters and thus prevent CRLF injection into URLs (bsc#1177211)...
SUSE-SU-2021:0486-1 Security update for python-urllib3
This update for python-urllib3 fixes the following issues: - CVE-2020-26116: Raise ValueError if method contains control characters and thus prevent CRLF injection into URLs (bsc#1177211)...
SUSE-SU-2021:0342-1 Security update for python-urllib3
This update for python-urllib3 fixes the following issues: - CVE-2020-26116: Raise ValueError if method contains control characters and thus prevent CRLF injection into URLs (bsc#1177211)...
SUSE-SU-2021:0341-1 Security update for python-urllib3
This update for python-urllib3 fixes the following issues: - CVE-2020-26116: Raise ValueError if method contains control characters and thus prevent CRLF injection into URLs (bsc#1177211). - Skip test for RECENT_DATE (bsc#1181571)...
SUSE-SU-2021:0299-1 Security update for python-urllib3
This update for python-urllib3 fixes the following issues: - Raise ValueError if method contains control characters and thus prevents CRLF injection into URLs bsc#1177211, bpo#39603, CVE-2020-26116,...
Important: Red Hat Bug Fix Advisory: OpenShift Container Platform 4.5.30 bug fix update
Red Hat OpenShift Container Platform release 4.5.30 is now available with updates to packages and images that fix several bugs. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This...
CentOS 8 : python27:2.7 (CESA-2020:1605)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2020:1605 advisory. - python-requests: Redirect from HTTPS to HTTP does not remove Authorization header (CVE-2018-18074) - python-urllib3: Cross-host redirect does not remov...
CentOS 8 : python-urllib3 (CESA-2019:3590)
The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2019:3590 advisory. - python-urllib3: CRLF injection due to not encoding the '\r\n' sequence leading to possible attack on internal service (CVE-2019-11236) - python-urllib3...