Lucene search
K

4 matches found

RedHat Linux
RedHat Linux
added 2026/06/29 12:53 p.m.6 views

urllib3: urllib3: Information disclosure via cross-origin redirects forwarding sensitive headers

A flaw was found in urllib3, an HTTP client library for Python. When using the low-level API via ProxyManager.connectionfromurl.urlopen with assertsamehost=False, cross-origin redirects can still forward sensitive headers. This could allow a remote attacker to gain unauthorized access to sensitiv...

8.2CVSS5.8AI score0.00527EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/02/04 10:28 p.m.2 views

CVE-2025-62615 AutoGPT has SSRF vulnerability in ReadRSSFeedBlock

AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to autogpt-platform-beta-v0.6.34, in RSSFeedBlock, the third-party library urllib.request.urlopen is used directly to access the URL, but the inpu...

9.3CVSS5.3AI score0.00357EPSS
Exploits1References1
OSV
OSV
added 2026/02/04 10:28 p.m.4 views

CVE-2025-62615 AutoGPT has SSRF vulnerability in ReadRSSFeedBlock

AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to autogpt-platform-beta-v0.6.34, in RSSFeedBlock, the third-party library urllib.request.urlopen is used directly to access the URL, but the inpu...

9.3CVSS5.3AI score0.00357EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2020/04/14 5:56 p.m.5 views

python: CRLF injection via the path part of the url passed to urlopen()

An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n specifically in the path component of a URL that...

6.1CVSS6.7AI score0.05406EPSS
Exploits1References4
Rows per page
Query Builder