Search CVE reports
11 – 13 of 13 results
CVE-2018-20060
Low prioritySome fixes available 3 of 4
urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the Authorization header...
1 affected packages
python-urllib3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| python-urllib3 | Not affected | Not affected | Not affected | Fixed | Fixed |
CVE-2016-9015
Medium priorityVersions 1.17 and 1.18 of the Python urllib3 library suffer from a vulnerability that can cause them, in certain configurations, to not correctly validate TLS certificates. This places users of the library with those...
1 affected packages
python-urllib3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| python-urllib3 | — | — | — | — | Not affected |
CVE-2013-2099
Low prioritySome fixes available 5 of 41
Algorithmic complexity vulnerability in the ssl.match_hostname function in Python 3.2.x, 3.3.x, and earlier, and unspecified versions of python-backports-ssl_match_hostname as used for older Python versions, allows remote...
10 affected packages
bzr, linkchecker, python-tornado, python-urllib3, python2.7...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| bzr | Not affected | Not affected | Not affected | Not affected | Not affected |
| linkchecker | Not affected | Not affected | Not in release | Not affected | Not affected |
| python-tornado | Not affected | Not affected | Not affected | Not affected | Not affected |
| python-urllib3 | Not affected | Not affected | Not affected | Not affected | Not affected |
| python2.7 | Not in release | Not affected | Not affected | Not affected | Not affected |
| python3.1 | Not in release | Not in release | Not in release | Not in release | Not in release |
| python3.2 | Not in release | Not in release | Not in release | Not in release | Not in release |
| python3.3 | Not in release | Not in release | Not in release | Not in release | Not in release |
| w3af | Not in release | Not in release | Not in release | Not in release | Vulnerable |
| zeroinstall-injector | Not affected | Not affected | Not affected | Not affected | Not affected |