
791 matches found

OSV
added 2020/12/13 5:24 a.m. | 5 views

OPENSUSE-SU-2020:2237-1 Security update for python-urllib3

This update for python-urllib3 fixes the following issues: - CVE-2020-26137: Fixed a CRLF injection via HTTP request method bsc1177120. This update was imported from the SUSE:SLE-15-SP1:Update update project...

6.5 CVSS | 6.9 AI score | 0.02199 EPSS
Exploits 0 | References 3
OPENSUSE Linux
added 2020/12/13 12:0 a.m. | 34 views

Security update for python-urllib3 (moderate)

openSUSE Security Update: Security update for python-urllib3 Announcement ID: openSUSE-SU-2020:2237-1 Rating: moderate References: 1177120 Cross-References: CVE-2020-26137 Affected Products: openSUSE Leap 15.2 An update that fixes one vulnerability is now available. Description: This update for...

6.5 CVSS | 7.7 AI score | 0.02199 EPSS
Exploits 0 | References 1
OSV
added 2020/12/09 12:38 p.m. | 6 views

SUSE-SU-2020:3723-1 Security update for python-urllib3

This update for python-urllib3 fixes the following issues: - CVE-2020-26137: Fixed a CRLF injection via HTTP request method bsc1177120...

6.5 CVSS | 7.3 AI score | 0.02199 EPSS
Exploits 0 | References 3
OSV
added 2020/12/04 11:50 a.m. | 8 views

SUSE-SU-2020:3624-1 Security update for crowbar-openstack, grafana, influxdb, python-urllib3

This update for crowbar-openstack, grafana, influxdb, python-urllib3 contains the following fixes: Security fixes included in this update: openstack-glance - CVE-2016-8611: Added rate limiting for glance api bnc1005886 grafana - CVE-2020-24303: Fixed an XSS via a query alias for the ElasticSearch...

9.8 CVSS | 7.3 AI score | 0.30921 EPSS
Exploits 4 | References 11
RedHat Linux
added 2020/10/20 8:2 p.m. | 28 views

python-urllib3: CRLF injection via HTTP request method

A flaw was found in python-urllib3. The HTTPConnection.request does not properly validate CRLF sequences in the HTTP request method, potentially allowing manipulation of the request by injecting additional HTTP headers. The highest threat from this vulnerability is to confidentiality and integrit...

6.5 CVSS | 6.7 AI score | 0.02199 EPSS
Exploits 0 | References 4
OpenVAS
added 2020/10/06 12:0 a.m. | 19 views

Ubuntu: Security Advisory (USN-4570-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.5 CVSS | 7.2 AI score | 0.02199 EPSS
Exploits 0 | References 2
Ubuntu
added 2020/10/05 5:4 p.m. | 112 views

USN-4570-1: urllib3 vulnerability

It was discovered that urllib3 incorrectly handled certain character sequences. A remote attacker could possibly use this issue to perform CRLF injection...

6.5 CVSS | 7.6 AI score | 0.02199 EPSS
Exploits 0
RedhatCVE
added 2020/09/29 7:3 p.m. | 47 views

CVE-2020-26137

A flaw was found in python-urllib3. The HTTPConnection.request does not properly validate CRLF sequences in the HTTP request method, potentially allowing manipulation of the request by injecting additional HTTP headers. The highest threat from this vulnerability is to confidentiality and integrit...

6.5 CVSS | 2.9 AI score | 0.02199 EPSS
Exploits 0 | References 3
RedHat Linux
added 2020/07/07 1:42 p.m. | 3 views

python-urllib3: CRLF injection due to not encoding the '\r\n' sequence leading to possible attack on internal service

In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter...

6.1 CVSS | 6.8 AI score | 0.02056 EPSS
Exploits 1 | References 4
RedHat Linux
added 2020/07/06 8:16 p.m. | 56 views

python-urllib3: CRLF injection due to not encoding the '\r\n' sequence leading to possible attack on internal service

In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter...

6.1 CVSS | 6.8 AI score | 0.02056 EPSS
Exploits 1 | References 4
Tenable Nessus
added 2020/07/02 12:0 a.m. | 40 views

Amazon Linux 2 : python-urllib3, --advisory ALAS2-2020-1446 (ALAS-2020-1446)

The version of python-urllib3 installed on the remote host is prior to 1.25.7-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2020-1446 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version numbe...

5.6 AI score
Exploits 0 | References 2
Tenable Nessus
added 2020/06/17 12:0 a.m. | 31 views

EulerOS 2.0 SP2 : python-urllib3 (EulerOS-SA-2020-1643)

According to the versions of the python-urllib3 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the...

6.1 CVSS | 7.3 AI score | 0.05372 EPSS
Exploits 2 | References 3
OpenVAS
added 2020/06/16 12:0 a.m. | 32 views

Huawei EulerOS: Security Advisory for python-urllib3 (EulerOS-SA-2020-1643)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.1 CVSS | 8.5 AI score | 0.05372 EPSS
Exploits 2 | References 2
Tenable Nessus
added 2020/06/02 12:0 a.m. | 50 views

Scientific Linux Security Update : python-pip on SL7.x (noarch) (20200512)

Security Fixes : - python-urllib3: Cross-host redirect does not remove Authorization header allow for credential exposure CVE-2018-20060 - python-urllib3: CRLF injection due to not encoding the '\r\n' sequence leading to possible attack on internal service CVE-2019-11236 - python-urllib3:...

9.8 CVSS | 6.9 AI score | 0.07443 EPSS
Exploits 3 | References 5
RedHat Linux
added 2020/05/12 6:59 p.m. | 212 views

Moderate: Red Hat Security Advisory: python-pip security update

An update for python-pip is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from...

9.8 CVSS | 6.7 AI score | 0.07443 EPSS
Exploits 3 | References 5
RedHat Linux
added 2020/05/12 6:58 p.m. | 6 views

python-urllib3: Cross-host redirect does not remove Authorization header allow for credential exposure

urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the Authorization header to be exposed to unintended hosts or transmitted in cleartext...

9.8 CVSS | 7.3 AI score | 0.04488 EPSS
Exploits 0 | References 4
Tenable Nessus
added 2020/05/12 12:0 a.m. | 58 views

RHEL 7 : python-pip (RHSA-2020:2068)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:2068 advisory. pip is a package management system used to install and manage software packages written in Python. Many packages can be found in the Python...

9.8 CVSS | 7.2 AI score | 0.07443 EPSS
Exploits 3 | References 11
Tenable Nessus
added 2020/05/12 12:0 a.m. | 47 views

RHEL 7 : python-virtualenv (RHSA-2020:2081)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:2081 advisory. The virtualenv tool creates isolated Python environments. The virtualenv tool is a successor to workingenv, and an extension of...

9.8 CVSS | 7.3 AI score | 0.07443 EPSS
Exploits 3 | References 9
RedHat Linux
added 2020/04/28 4:6 p.m. | 5 views

python-urllib3: CRLF injection due to not encoding the '\r\n' sequence leading to possible attack on internal service

In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter...

6.1 CVSS | 6.8 AI score | 0.02056 EPSS
Exploits 1 | References 4
RedHat Linux
added 2020/04/28 4:3 p.m. | 73 views

Moderate: Red Hat Security Advisory: python-pip security update

An update for python-pip is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from...

9.8 CVSS | 6.6 AI score | 0.07443 EPSS
Exploits 3 | References 6