Search CVE reports


Toggle filters

11 – 13 of 13 results


CVE-2018-20060

Low priority

Some fixes available 3 of 4

urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the Authorization header...

1 affected package

python-urllib3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python-urllib3 Not affected Not affected Not affected Fixed Fixed
Show less packages

CVE-2016-9015

Medium priority
Not affected

Versions 1.17 and 1.18 of the Python urllib3 library suffer from a vulnerability that can cause them, in certain configurations, to not correctly validate TLS certificates. This places users of the library with those...

1 affected package

python-urllib3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python-urllib3 Not affected
Show less packages

CVE-2013-2099

Low priority

Some fixes available 5 of 41

Algorithmic complexity vulnerability in the ssl.match_hostname function in Python 3.2.x, 3.3.x, and earlier, and unspecified versions of python-backports-ssl_match_hostname as used for older Python versions, allows remote...

10 affected packages

bzr, linkchecker, python-tornado, python-urllib3, python2.7...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
bzr Not affected Not affected Not affected Not affected Not affected
linkchecker Not affected Not affected Not in release Not affected Not affected
python-tornado Not affected Not affected Not affected Not affected Not affected
python-urllib3 Not affected Not affected Not affected Not affected Not affected
python2.7 Not in release Not affected Not affected Not affected Not affected
python3.1 Not in release Not in release Not in release Not in release Not in release
python3.2 Not in release Not in release Not in release Not in release Not in release
python3.3 Not in release Not in release Not in release Not in release Not in release
w3af Not in release Not in release Not in release Not in release Vulnerable
zeroinstall-injector Not affected Not affected Not affected Not affected Not affected
Show all 10 packages Show less packages