MGASA-2019-0258

Advisory lineage Upstream: 3 Downstream: 0

Upstream

CVE-2018-20060 CVE-2019-11236 CVE-2019-11324

Published: 06 Sept 2019, 21:09

Last modified:16 Apr 2026, 04:26

Vulnerability Summary

Overall Risk (default)

minimal

0/100

CVSS Score

No data

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

06 Sept 2019, 21:09

Published

Vulnerability first disclosed

16 Apr 2026, 04:26

Last Modified

Vulnerability information updated

Description

Updated python-urllib3 packages fix security vulnerability It was discovered that urllib3 incorrectly removed Authorization HTTP headers when handled cross-origin redirects. This could result in credentials being sent to unintended hosts (CVE-2018-20060). It was discovered that urllib3 incorrectly stripped certain characters from requests. A remote attacker could use this issue to perform CRLF injection (CVE-2019-11236). It was discovered that urllib3 incorrectly handled situations where a desired set of CA certificates were specified. This could result in certificates being accepted by the default CA certificates contrary to expectatons (CVE-2019-11324). The python-urllib3 package has been updated to version 1.24.3 to fix these issues and other bugs. The python-requests package has been fixed to work with the updated python-urllib3

Affected Systems

mageia•python-requests
< 2.11.1-2.2.mga6
mageia•python-urllib3
< 1.24.3-1.mga6

MGASA-2019-0258

Vulnerability Summary

Timeline

Description

Affected Systems

References (3)