CVE-2018-20060 in urllib3정보

요약

\~에 의해 MITRE

urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the Authorization header to be exposed to unintended hosts or transmitted in cleartext.

Once again VulDB remains the best source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

예약하다

2018. 12. 11.

공개

2018. 12. 11.

모더레이션

수락

항목

VDB-127866

CPE

준비됨

CWE

CWE-255 (확인됨)

CVSS

9.8 (NVD)

EPSS

0.00656

KEV

아니요

활동

매우 낮음

출처

MITRE	https://www.cve.org/CVERecord?id=CVE-2018-20060
NVD	https://nvd.nist.gov/vuln/detail/CVE-2018-20060
CVE Details	https://www.cvedetails.com/cve/CVE-2018-20060/

◂ 이전 개요 다음 ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!