8 matches found

CVE
added 2018/12/11 5:0 p.m. | 1028 views

CVE-2018-20060

CVE-2018-20060 affects urllib3/python-urllib3 prior to 1.23, where the Authorization header is not removed on cross-origin redirects. This can allow credentials in the Authorization header to be exposed to unintended hosts or transmitted in cleartext. Public sources in the Connected documents ind...

CVSS 9.8 | AI score 7.8 | EPSS 0.00656
CVE
added 2023/10/04 4:1 p.m. | 846 views

CVE-2023-43804

CVE-2023-43804 affects the Python urllib3 library, where a Cookie header may be leaked across cross-origin redirects if redirects are not disabled. The issue is resolved in urllib3 1.26.17 or 2.0.5. Affected environments are confirmed in multiple reports, including AlmaLinux and Brocade advisorie...

CVSS 8.1 | AI score 8 | EPSS 0.0095
CVE
added 2019/04/18 12:0 a.m. | 677 views

CVE-2019-11324

The issue CVE-2019-11324 affects the Python urllib3 library prior to 1.24.2, where SSL verification can be bypassed when the SSLContext, ca_certs, or ca_certs_dir arguments differ from the OS CA store, causing TLS handshakes to succeed when they should fail. This is related to how system vs manua...

CVSS 7.5 | AI score 6.8 | EPSS 0.01015
CVE
added 2020/09/29 12:0 a.m. | 649 views

CVE-2020-26137

CVE-2020-26137 pertains to Python’s urllib3 and is explicitly described as a CRLF injection vulnerability in the HTTP request handling of urllib3/http.client. The connected advisories show affected package and version details: python-urllib3 1.24.2-2 (CBLMariner entry) and a recommended upgrade t...

CVSS 6.5 | AI score 7.2 | EPSS 0.00903
CVE
added 2023/10/17 7:43 p.m. | 607 views

CVE-2023-45803

CVE-2023-45803 affects the Python urllib3 library. The issue arises when handling HTTP redirects (301/302/303) after a request’s method changes from something that can carry a body (e.g., POST) to GET, where urllib3 previously did not remove the HTTP request body. This could allow leakage of sens...

CVSS 4.2 | AI score 6.6 | EPSS 0.00056
CVE
added 2024/06/17 7:18 p.m. | 475 views

CVE-2024-37891

CVE-2024-37891 affects urllib3 (Python HTTP client) across multiple distributions (e.g., python3-urllib3, python3.13-pip, python-pip, etc.). The issue: when not using urllib3’s ProxyManager proxy support, a configured Proxy-Authorization header could be sent, and urllib3 may not strip it on cross...

CVSS 6.5 | AI score 5.8 | EPSS 0.00222
CVE
added 2023/10/15 12:0 a.m. | 233 views

CVE-2018-25091

CVE-2018-25091 affects the urllib3 library (before 1.24.2). When following cross-origin redirects, urllib3 may not remove the Authorization header, allowing credentials to be exposed to unintended hosts or transmitted in cleartext. This is noted as a follow-on from an incomplete fix for CVE-2018-...

CVSS 6.1 | AI score 7.1 | EPSS 0.00656
CVE
added 2025/06/19 1:8 a.m. | 140 views

CVE-2025-50181

CVE-2025-50181 affects python-urllib3 and was fixed in urllib3 2.5.0. Several connected advisories confirm vulnerable versions are older releases (e.g., python-urllib3

CVSS 6.1 | AI score 5.4 | EPSS 0.00079