VYPR
Critical severityNVD Advisory· Published Dec 11, 2018· Updated Dec 27, 2024

CVE-2018-20060

CVE-2018-20060

Description

urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the Authorization header to be exposed to unintended hosts or transmitted in cleartext.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
urllib3PyPI
< 1.231.23

Affected products

41

Patches

Vulnerability mechanics

References

23

News mentions

0

No linked articles in our index yet.