urllib3: proxy-authorization request header is not stripped during cross-origin redirects

A flaw was found in urllib3, an HTTP client library for Python. In certain configurations, urllib3 does not treat the Proxy-Authorization HTTP header as one carrying authentication material. This issue results in not stripping the header on cross-origin redirects...

Moderate: Red Hat Security Advisory: python-urllib3 security update

An update for python-urllib3 is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Red Hat Product Security has rated this upda...

RHEL 8 : python-urllib3 (RHSA-2024:5041)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:5041 advisory. The python-urllib3 package provides the Python HTTP module with connection pooling and file POST abilities. Security Fixes: urllib3:...

Fedora: Security Advisory (FEDORA-2024-73f181db2a)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora: Security Advisory (FEDORA-2024-e0b0ad79b2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora: Security Advisory (FEDORA-2024-da86a4f061)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python-urllib3 (SUSE-SU-2024:2662-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2024:2662-1 advisory. - CVE-2024-37891: Fixed proxy-authorization request header is not stripped during cross-origin redirects...

SUSE: Security Advisory (SUSE-SU-2024:2662-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2023-43804 affecting package python-urllib3 for versions less than 2.0.7-1

CVE-2023-43804 affecting package python-urllib3 for versions less than 2.0.7-1. An upgraded version of the package is available that resolves this issue...

CVE-2024-37891 affecting package python-urllib3 for versions less than 2.0.7-1

CVE-2024-37891 affecting package python-urllib3 for versions less than 2.0.7-1. A patched version of the package is available...

CVE-2023-45803 affecting package python-urllib3 for versions less than 2.0.7-1

CVE-2023-45803 affecting package python-urllib3 for versions less than 2.0.7-1. An upgraded version of the package is available that resolves this issue...

SUSE-SU-2024:2462-1 Security update for python-urllib3

This update for python-urllib3 fixes the following issues: - CVE-2023-45803: Fix a request body leak that could occur when receiving a 303 HTTP response bsc1216377...

Fedora 39 : python-urllib3 (2024-e0b0ad79b2)

The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-e0b0ad79b2 advisory. Update to 1.26.19 to fix CVE-2024-37891 rhbz2292790 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note th...

CBL Mariner 2.0 Security Update: python-pip / python-urllib3 / python3 (CVE-2024-37891)

The version of python-pip / python-urllib3 / python3 installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-37891 advisory. - urllib3 is a user-friendly HTTP client library for Python. When using urllib3...

CVE-2024-37891 affecting package python-urllib3 for versions less than 1.26.19-1

CVE-2024-37891 affecting package python-urllib3 for versions less than 1.26.19-1. An upgraded version of the package is available that resolves this issue...

openSUSE Security Advisory (SUSE-SU-2024:2320-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python-urllib3 (SUSE-SU-2024:2320-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2024:2320-1 advisory. - CVE-2024-37891: Fixed proxy-authorization request header not stripped during cross-origin redirects...

SUSE-SU-2024:2320-1 Security update for python-urllib3

This update for python-urllib3 fixes the following issues: - CVE-2024-37891: Fixed proxy-authorization request header not stripped during cross-origin redirects bsc1226469...

CentOS 9 : python-urllib3-1.26.5-6.el9

The remote CentOS Linux 9 host has a package installed that is affected by a vulnerability as referenced in the python- urllib3-1.26.5-6.el9 build changelog. - urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with ProxyManager, the Proxy-Authorization...

[SECURITY] Fedora 40 Update: python-urllib3-1.26.19-1.fc40

urllib3 is a powerful, user-friendly HTTP client for Python. urllib3 brings many critical features that are missing from the Python standard libraries: =E2=80=A2 Thread safety. =E2=80=A2 Connection pooling. =E2=80=A2 Client-side SSL/TLS verification. =E2=80=A2 File uploads with multipart encoding...