Published: 07 Nov 2023, 14:20
Last modified: 20 May 2026, 16:03

Vulnerability Summary

Overall Risk (default): minimal (0/100)
CVSS Score: No data
EPSS Score: No data
KEV: Not listed
Ransomware: No reports
Public exploits: None found
Dark Web: Not detected

Timeline

  • 07 Nov 2023, 14:20 - Published: Vulnerability first disclosed
  • 20 May 2026, 16:03 - Last Modified: Vulnerability information updated

Description

python-urllib3 vulnerabilities

It was discovered that urllib3 didn't strip HTTP Authorization header on cross-origin redirects. A remote attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2018-25091)

It was discovered that urllib3 didn't strip HTTP Cookie header on cross-origin redirects. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2023-43804)

It was discovered that urllib3 didn't strip HTTP body on status code 303 redirects under certain circumstances. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2023-45803)

Affected Systems

  • ubuntu python-urllib3

    < 1.13.1-2ubuntu0.16.04.4+esm1 | < 1.22-1ubuntu0.18.04.2+esm1 | < 1.25.8-2ubuntu0.3 | < 1.26.5-1~exp1ubuntu0.1
