Python Urllib3 : Security vulnerabilities, CVEs published in 2018

CVE-2018-20060

urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the Authorization header to be exposed to unintended hosts or transmitted in cleartext.

Max CVSS

9.8

EPSS Score

1.11%

Published

2018-12-11

Updated

2021-06-15

1 vulnerabilities found

This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!

Accept Close

Python » Urllib3 : Security Vulnerabilities, CVEs, Published In 2018

CVE-2018-20060