CVE-2018-20060
CVE-2018-20060 affects urllib3/python-urllib3 prior to 1.23, where the Authorization header is not removed on cross-origin redirects. This can allow credentials in the Authorization header to be exposed to unintended hosts or transmitted in cleartext. Public sources in the Connected documents ind...