Search CVE reports
11 – 15 of 15 results
In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter.
1 affected package
python-urllib3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| python-urllib3 | — | — | — | Fixed |
Some fixes available 8 of 13
urllib3 before 1.24.2 does not remove the authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the authorization header to be...
2 affected packages
python-urllib3, python-pip
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| python-urllib3 | Not affected | Not affected | Not affected | Fixed |
| python-pip | Needs evaluation | Fixed | Fixed | Fixed |
Some fixes available 3 of 4
urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the Authorization header...
1 affected package
python-urllib3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| python-urllib3 | Not affected | Not affected | Not affected | Fixed |
Versions 1.17 and 1.18 of the Python urllib3 library suffer from a vulnerability that can cause them, in certain configurations, to not correctly validate TLS certificates. This places users of the library with those...
1 affected package
python-urllib3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| python-urllib3 | — | — | — | — |
Some fixes available 5 of 41
Algorithmic complexity vulnerability in the ssl.match_hostname function in Python 3.2.x, 3.3.x, and earlier, and unspecified versions of python-backports-ssl_match_hostname as used for older Python versions, allows remote...
10 affected packages
bzr, w3af, linkchecker, python-tornado, python-urllib3...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| bzr | Not affected | Not affected | Not affected | Not affected |
| w3af | Not in release | Not in release | Not in release | Not in release |
| linkchecker | Not affected | Not affected | Not in release | Not affected |
| python-tornado | Not affected | Not affected | Not affected | Not affected |
| python-urllib3 | Not affected | Not affected | Not affected | Not affected |
| python2.7 | Not in release | Not affected | Not affected | Not affected |
| python3.1 | Not in release | Not in release | Not in release | Not in release |
| python3.2 | Not in release | Not in release | Not in release | Not in release |
| python3.3 | Not in release | Not in release | Not in release | Not in release |
| zeroinstall-injector | Not affected | Not affected | Not affected | Not affected |