Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
PythonUrllib3

4 matches found

CVE
CVEadded 2020/09/30 6:15 p.m.589 views

CVE-2020-26137

urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). NOTE: this is similar to CVE-2020-26116.

6.5CVSS7.2AI score0.00471EPSS
CVE
CVEadded 2019/04/15 3:29 p.m.478 views

CVE-2019-11236

In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter.

6.1CVSS7.2AI score0.00636EPSS
CVE
CVEadded 2023/10/15 7:15 p.m.185 views

CVE-2018-25091

urllib3 before 1.24.2 does not remove the authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the authorization header to be exposed to unintended hosts or transmitted in cleartext. NOTE: this i...

6.1CVSS7.1AI score0.00481EPSS
CVE
CVEadded 2021/03/15 6:15 p.m.151 views

CVE-2021-28363

The urllib3 library 1.26.x before 1.26.4 for Python omits SSL certificate validation in some cases involving HTTPS to HTTPS proxies. The initial connection to the HTTPS proxy (if an SSLContext isn't given via proxy_config) doesn't verify the hostname of the certificate. This means certificates for ...

6.5CVSS6.4AI score0.00145EPSS