CVE-2018-20060 in urllib3informação

Sumário

de MITRE

urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the Authorization header to be exposed to unintended hosts or transmitted in cleartext.

Once again VulDB remains the best source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Reservar

11/12/2018

Divulgação

11/12/2018

Moderação

aceite

Entrada

VDB-127866

CPE

pronto

CWE

CWE-255 (confirmado)

CVSS

9.8 (NVD)

EPSS

0.00656

KEV

não

Atividades

muito baixo

Fontes

MITRE	https://www.cve.org/CVERecord?id=CVE-2018-20060
NVD	https://nvd.nist.gov/vuln/detail/CVE-2018-20060
CVE Details	https://www.cvedetails.com/cve/CVE-2018-20060/

◂ Voltar Visão Geral Próximo ▸

Might our Artificial Intelligence support you?

Check our Alexa App!