Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8
CVE-2018-20060
- EPSS 0.43%
- Published 11.12.2018 17:29:00
- Last modified 27.12.2024 16:15:22
urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the Authorization header to be exposed to uni...
3.7
CVE-2016-9015
- EPSS 0.17%
- Published 11.01.2017 16:59:00
- Last modified 20.04.2025 01:37:25
Versions 1.17 and 1.18 of the Python urllib3 library suffer from a vulnerability that can cause them, in certain configurations, to not correctly validate TLS certificates. This places users of the library with those configurations at risk of man-in-...