Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
urllib3 before 1.24.2 does not remove the authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the authorization header to be exposed to unintended hosts or transmitted in cleartext. NOTE: this issue exists because of an incomplete fix for CVE-2018-20060 (which was case-sensitive).
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
urllib3 输入验证错误漏洞
Vulnerability Description
urllib3是一款Python HTTP库。该产品具有线程安全连接池、文件发布支持等。 urllib3 1.24.2之前版本存在安全漏洞,该漏洞源于允许攻击者获取授权标头中的凭据或以明文形式传输凭据。
CVSS Information
N/A
Vulnerability Type
N/A