Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the Authorization header to be exposed to unintended hosts or transmitted in cleartext.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
urllib3 信任管理问题漏洞
Vulnerability Description
urllib3是一个基于Python的HTTP库,它具有线程安全连接池和文件后期支持等功能。 urllib3 1.23之前版本中存在安全漏洞,该漏洞源于程序在进行跨源重定向时,没有移除Authorization HTTP报头,导致授权报头中的凭证暴露给其他主机或以明文的形式传输。攻击者可利用该漏洞获取敏感信息。
CVSS Information
N/A
Vulnerability Type
N/A