[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-UBUNTU-CVE-2018-25091":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":16,"duplicates":21,"related":22,"reserved_at":9,"published_at":25,"modified_at":26,"state":9,"summary":27,"references_raw":29,"kevs":61,"epss":9,"epss_history":62,"metrics":63,"affected":70},"UBUNTU-CVE-2018-25091","urllib3 before 1.24.2 does not remove the authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the authorization header to be exposed to unintended hosts or transmitted in cleartext. NOTE: this issue exists because of an incomplete fix for CVE-2018-20060 (which was case-sensitive).",null,[],[],[],[14],{"_key":15},"CVE-2018-25091",[17,19],{"_key":18},"USN-6473-1",{"_key":20},"USN-6473-2",[],[23,24],{"_key":18},{"_key":20},"2023-10-15T19:15:00Z","2026-02-04T02:53:51.344308Z",{"cisa_kev":28,"cisa_ransomware":28,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":9},false,[30,36,40,44,48,53,57],{"url":31,"sources":32,"tags":34},"https://ubuntu.com/security/CVE-2018-25091",[33],"osv_ubuntu",[35],"REPORT",{"url":37,"sources":38,"tags":39},"https://github.com/urllib3/urllib3/issues/1510",[33],[35],{"url":41,"sources":42,"tags":43},"https://github.com/urllib3/urllib3/compare/1.24.1...1.24.2",[33],[35],{"url":45,"sources":46,"tags":47},"https://github.com/urllib3/urllib3/commit/adb358f8e06865406d1f05e581a16cbea2136fbc",[33],[35],{"url":49,"sources":50,"tags":51},"https://ubuntu.com/security/notices/USN-6473-1",[33],[52],"Advisory",{"url":54,"sources":55,"tags":56},"https://ubuntu.com/security/notices/USN-6473-2",[33],[52],{"url":58,"sources":59,"tags":60},"https://www.cve.org/CVERecord?id=CVE-2018-25091",[33],[35],[],[],[64],{"source":33,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":65,"cvss_v4_0":9},{"baseScore":66,"baseSeverity":9,"vectorString":67,"impactScore":68,"exploitabilityScore":69},6.1,"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",4.5,7.2,[71,88],{"ecosystem":72,"name":73,"vendor":74,"product":73,"cpe_part":9,"purl_type":75,"purl_namespace":74,"purl_name":73,"source":9,"versions":76},"Ubuntu","python-pip","ubuntu","deb",[77,81,85],{"version":78,"is_range":79,"range_type":80,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"all",true,"ecosystem",{"version":82,"is_range":79,"range_type":80,"version_start":9,"version_start_type":9,"version_end":83,"version_end_type":84,"fixed_in":9},"lt8_1_1_2ubuntu0_6+esm6","8.1.1-2ubuntu0.6+esm6","excluding",{"version":86,"is_range":79,"range_type":80,"version_start":9,"version_start_type":9,"version_end":87,"version_end_type":84,"fixed_in":9},"lt9_0_1_2_3~ubuntu1_18_04_8+esm2","9.0.1-2.3~ubuntu1.18.04.8+esm2",{"ecosystem":72,"name":89,"vendor":74,"product":89,"cpe_part":9,"purl_type":75,"purl_namespace":74,"purl_name":89,"source":9,"versions":90},"python-urllib3",[91,92,95],{"version":78,"is_range":79,"range_type":80,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"version":93,"is_range":79,"range_type":80,"version_start":9,"version_start_type":9,"version_end":94,"version_end_type":84,"fixed_in":9},"lt1_13_1_2ubuntu0_16_04_4+esm1","1.13.1-2ubuntu0.16.04.4+esm1",{"version":96,"is_range":79,"range_type":80,"version_start":9,"version_start_type":9,"version_end":97,"version_end_type":84,"fixed_in":9},"lt1_22_1ubuntu0_18_04_2+esm1","1.22-1ubuntu0.18.04.2+esm1"]