Lucene search
K

534 matches found

Tenable Nessus
Tenable Nessus
added 2024/07/11 12:0 a.m.112 views

CBL Mariner 2.0 Security Update: python-pip / python-urllib3 / python3 (CVE-2024-37891)

The version of python-pip / python-urllib3 / python3 installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-37891 advisory. - urllib3 is a user-friendly HTTP client library for Python. When using urllib3...

6.5CVSS6.7AI score0.01141EPSS
Exploits1References2
Microsoft CVE
Microsoft CVE
added 2024/07/10 7:0 a.m.3 views

Proxy-Authorization request header isn't stripped during cross-origin redirects in urllib3

...

6.5CVSS6.6AI score0.01141EPSS
Exploits1
RedHat Linux
RedHat Linux
added 2024/07/09 11:4 a.m.4 views

urllib3: proxy-authorization request header is not stripped during cross-origin redirects

A flaw was found in urllib3, an HTTP client library for Python. In certain configurations, urllib3 does not treat the Proxy-Authorization HTTP header as one carrying authentication material. This issue results in not stripping the header on cross-origin redirects...

6.5CVSS6.7AI score0.01141EPSS
Exploits1References4
OSV
OSV
added 2024/07/08 11:14 a.m.13 views

SUSE-SU-2024:2320-1 Security update for python-urllib3

This update for python-urllib3 fixes the following issues: - CVE-2024-37891: Fixed proxy-authorization request header not stripped during cross-origin redirects bsc1226469...

6.5CVSS5.8AI score0.01141EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2024/07/03 12:0 a.m.28 views

CentOS 9 : python-urllib3-1.26.5-6.el9

The remote CentOS Linux 9 host has a package installed that is affected by a vulnerability as referenced in the python- urllib3-1.26.5-6.el9 build changelog. - urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with ProxyManager, the Proxy-Authorization...

6.5CVSS6.7AI score0.01141EPSS
Exploits1References2
Microsoft CVE
Microsoft CVE
added 2024/06/30 2:0 p.m.3 views

Proxy-Authorization header not cleared on cross-origin redirect in fetch in Undici

...

4.5CVSS6.7AI score0.00765EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2024/06/17 9:37 p.m.93 views

urllib3's Proxy-Authorization request header isn't stripped during cross-origin redirects

When using urllib3's proxy support with ProxyManager, the Proxy-Authorization header is only sent to the configured proxy, as expected. However, when sending HTTP requests without using urllib3's proxy support, it's possible to accidentally configure the Proxy-Authorization header even though it...

6.5CVSS5.6AI score0.01141EPSS
Exploits1References8Affected Software1
OSV
OSV
added 2024/06/17 9:37 p.m.2 views

GHSA-34JH-P97F-MPXF urllib3's Proxy-Authorization request header isn't stripped during cross-origin redirects

When using urllib3's proxy support with ProxyManager, the Proxy-Authorization header is only sent to the configured proxy, as expected. However, when sending HTTP requests without using urllib3's proxy support, it's possible to accidentally configure the Proxy-Authorization header even though it...

4.4CVSS6.8AI score0.01141EPSS
Exploits1References8
NVD
NVD
added 2024/06/17 8:15 p.m.31 views

CVE-2024-37891

urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with ProxyManager, the Proxy-Authorization header is only sent to the configured proxy, as expected. However, when sending HTTP requests without using urllib3's proxy support, it's possible to accidental...

6.5CVSS0.01141EPSS
Exploits1References5
OSV
OSV
added 2024/06/17 8:15 p.m.1 views

DEBIAN-CVE-2024-37891

urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with ProxyManager, the Proxy-Authorization header is only sent to the configured proxy, as expected. However, when sending HTTP requests without using urllib3's proxy support, it's possible to accidental...

6.5CVSS6.5AI score0.01141EPSS
Exploits1References1
OSV
OSV
added 2024/06/17 8:15 p.m.4 views

AZL-42733 CVE-2024-37891 affecting package python-urllib3 for versions less than 2.0.7-1

urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with ProxyManager, the Proxy-Authorization header is only sent to the configured proxy, as expected. However, when sending HTTP requests without using urllib3's proxy support, it's possible to accidental...

6.5CVSS6.6AI score0.01141EPSS
Exploits1References1
OSV
OSV
added 2024/06/17 8:15 p.m.6 views

AZL-59699 CVE-2024-37891 affecting package python3 for versions less than 3.9.19-13

urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with ProxyManager, the Proxy-Authorization header is only sent to the configured proxy, as expected. However, when sending HTTP requests without using urllib3's proxy support, it's possible to accidental...

6.5CVSS6.6AI score0.01141EPSS
Exploits1References1
OSV
OSV
added 2024/06/17 8:15 p.m.5 views

AZL-42703 CVE-2024-37891 affecting package python-urllib3 for versions less than 1.26.19-1

urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with ProxyManager, the Proxy-Authorization header is only sent to the configured proxy, as expected. However, when sending HTTP requests without using urllib3's proxy support, it's possible to accidental...

6.5CVSS6.6AI score0.01141EPSS
Exploits1References1
OSV
OSV
added 2024/06/17 8:15 p.m.5 views

AZL-42769 CVE-2024-37891 affecting package python-pip for versions less than 24.2-2

urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with ProxyManager, the Proxy-Authorization header is only sent to the configured proxy, as expected. However, when sending HTTP requests without using urllib3's proxy support, it's possible to accidental...

6.5CVSS6.6AI score0.01141EPSS
Exploits1References1
UbuntuCve
UbuntuCve
added 2024/06/17 8:15 p.m.47 views

CVE-2024-37891

urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with ProxyManager, the Proxy-Authorization header is only sent to the configured proxy, as expected. However, when sending HTTP requests without using urllib3's proxy support, it's possible to accidental...

6.5CVSS6.8AI score0.01141EPSS
Exploits1References4
OSV
OSV
added 2024/06/17 8:15 p.m.2 views

UBUNTU-CVE-2024-37891

urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with ProxyManager, the Proxy-Authorization header is only sent to the configured proxy, as expected. However, when sending HTTP requests without using urllib3's proxy support, it's possible to accidental...

6.5CVSS6.7AI score0.01141EPSS
Exploits1References5
CVE
CVE
added 2024/06/17 7:18 p.m.521 views

CVE-2024-37891

CVE-2024-37891 affects urllib3 (Python HTTP client) across multiple distributions (e.g., python3-urllib3, python3.13-pip, python-pip, etc.). The issue: when not using urllib3’s ProxyManager proxy support, a configured Proxy-Authorization header could be sent, and urllib3 may not strip it on cross...

6.5CVSS5.8AI score0.01141EPSS
Exploits1References5Affected Software1
AlpineLinux
AlpineLinux
added 2024/06/17 7:18 p.m.2 views

CVE-2024-37891

urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with ProxyManager, the Proxy-Authorization header is only sent to the configured proxy, as expected. However, when sending HTTP requests without using urllib3's proxy support, it's possible to accidental...

6.5CVSS8.3AI score0.01141EPSS
Exploits1References5
OSV
OSV
added 2024/06/17 7:18 p.m.20 views

CVE-2024-37891 Proxy-Authorization request header isn't stripped during cross-origin redirects in urllib3

urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with ProxyManager, the Proxy-Authorization header is only sent to the configured proxy, as expected. However, when sending HTTP requests without using urllib3's proxy support, it's possible to accidental...

4.4CVSS7.3AI score0.01141EPSS
Exploits1References7
Cvelist
Cvelist
added 2024/06/17 7:18 p.m.65 views

CVE-2024-37891 Proxy-Authorization request header isn't stripped during cross-origin redirects in urllib3

urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with ProxyManager, the Proxy-Authorization header is only sent to the configured proxy, as expected. However, when sending HTTP requests without using urllib3's proxy support, it's possible to accidental...

4.4CVSS0.01141EPSS
Exploits1References2
Rows per page
Query Builder