CVSS3: 8.1 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
EPSS: 0.001 Low
Percentile: 36.3%
urllib3 is vulnerable to Information Disclosure. The vulnerability exists because the Cookie HTTP header is not properly handled, which allows an attacker to gain information via HTTP redirects and perform unauthorized actions.
github.com/advisories/GHSA-v845-jxx5-vc9f
github.com/urllib3/urllib3/commit/01220354d389cd05474713f8c982d05c9b17aafb
github.com/urllib3/urllib3/commit/644124ecd0b6e417c527191f866daa05a5a2056d
github.com/urllib3/urllib3/security/advisories/GHSA-v845-jxx5-vc9f
lists.debian.org/debian-lts-announce/2023/10/msg00012.html
lists.fedoraproject.org/archives/list/[email protected]/message/5F5CUBAN5XMEBVBZPHFITBLMJV5FIJJ5/
lists.fedoraproject.org/archives/list/[email protected]/message/I3PR7C6RJ6JUBQKIJ644DMIJSUP36VDY/
lists.fedoraproject.org/archives/list/[email protected]/message/NDAGZXYJ7H2G3SB47M453VQVNAWKAEJJ/