Search CVE reports
11 – 13 of 13 results
CVE-2018-20060
Low prioritySome fixes available 3 of 4
urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the Authorization header...
1 affected package
python-urllib3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
python-urllib3 | Not affected | Not affected | Not affected | Fixed | Fixed |
CVE-2016-9015
Medium priorityVersions 1.17 and 1.18 of the Python urllib3 library suffer from a vulnerability that can cause them, in certain configurations, to not correctly validate TLS certificates. This places users of the library with those...
1 affected package
python-urllib3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
python-urllib3 | — | — | — | — | Not affected |
CVE-2013-2099
Low prioritySome fixes available 5 of 41
Algorithmic complexity vulnerability in the ssl.match_hostname function in Python 3.2.x, 3.3.x, and earlier, and unspecified versions of python-backports-ssl_match_hostname as used for older Python versions, allows remote...
10 affected packages
bzr, linkchecker, python-tornado, python-urllib3, python2.7...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
bzr | Not affected | Not affected | Not affected | Not affected | Not affected |
linkchecker | Not affected | Not affected | Not in release | Not affected | Not affected |
python-tornado | Not affected | Not affected | Not affected | Not affected | Not affected |
python-urllib3 | Not affected | Not affected | Not affected | Not affected | Not affected |
python2.7 | Not in release | Not affected | Not affected | Not affected | Not affected |
python3.1 | Not in release | Not in release | Not in release | Not in release | Not in release |
python3.2 | Not in release | Not in release | Not in release | Not in release | Not in release |
python3.3 | Not in release | Not in release | Not in release | Not in release | Not in release |
w3af | Not in release | Not in release | Not in release | Not in release | Vulnerable |
zeroinstall-injector | Not affected | Not affected | Not affected | Not affected | Not affected |