Proxy-Authorization request header isn't stripped during cross-origin redirects in urllib3
Description
urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with `ProxyManager`, the `Proxy-Authorization` header is only sent to the configured proxy, as expected.

However, when sending HTTP requests *without* using urllib3's proxy support, it's possible to accidentally configure the `Proxy-Authorization` header even though it won't have any effect, because the request is not using a forwarding proxy or a tunneling proxy. In those cases, urllib3 doesn't treat the `Proxy-Authorization` HTTP header as one carrying authentication material and thus doesn't strip the header on cross-origin redirects.

Because this is a highly unlikely scenario, we believe the severity of this vulnerability is low for almost all users. Out of an abundance of caution, urllib3 will automatically strip the `Proxy-Authorization` header during cross-origin redirects to avoid the small chance that users are doing this by accident. Users should use urllib3's proxy support or disable automatic redirects to achieve safe processing of the `Proxy-Authorization` header, but we still decided to strip the header by default in order to further protect users who aren't using the correct approach.

We believe the number of usages affected by this advisory is low. It requires all of the following to be true to be exploited:

1. Setting the `Proxy-Authorization` header without using urllib3's built-in proxy support.
2. Not disabling HTTP redirects.
3. Either not using an HTTPS origin server or for the proxy or target origin to redirect to a malicious origin.

Users are advised to update to either version 1.26.19 or version 2.2.2. Users unable to upgrade may use the `Proxy-Authorization` header with urllib3's `ProxyManager`, disable HTTP redirects using `redirect=False` when sending requests, or not use the `Proxy-Authorization` header as mitigations.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| urllib3 (PyPI) | < 1.26.19 | 1.26.19 |
| urllib3 (PyPI) | >= 2.0.0, < 2.2.2 | 2.2.2 |
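The redirect behaviour from the description and the affected ranges from the table, as an added example that is not urllib3's own code: a standard-library model of cross-origin header stripping with the strip set before and after the fix, plus a version-range check. The header sets, function names and `.test` URLs are assumptions of this sketch.

```python
"""Model of cross-origin redirect header stripping (illustrative, not urllib3 code)."""
import re
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

# Assumption of this model: header names treated as credentials on redirect.
STRIP_BEFORE_FIX = frozenset({"authorization", "cookie"})
STRIP_AFTER_FIX = STRIP_BEFORE_FIX | {"proxy-authorization"}


def origin(url):
    """Return (scheme, host, port) so two URLs can be compared by origin."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    return scheme, (parts.hostname or "").lower(), parts.port or DEFAULT_PORTS.get(scheme)


def headers_after_redirect(request_url, location, headers, strip_set):
    """Headers a client following the redirect would send to `location`."""
    if origin(request_url) == origin(location):
        return dict(headers)  # same origin: nothing is removed
    return {k: v for k, v in headers.items() if k.lower() not in strip_set}


def credentials_leaked(start_url, redirect_chain, headers, strip_set):
    """List (url, header) pairs where a credential header reaches a foreign origin."""
    leaks = []
    current_url, current_headers = start_url, dict(headers)
    for location in redirect_chain:
        current_headers = headers_after_redirect(
            current_url, location, current_headers, strip_set
        )
        if origin(location) != origin(start_url):
            leaks += [
                (location, name)
                for name in current_headers
                if name.lower() in STRIP_AFTER_FIX
            ]
        current_url = location
    return leaks


def is_affected(version):
    """True if `version` falls in a range the advisory lists as affected."""
    match = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", version)
    if not match:
        raise ValueError(f"unrecognised version string: {version!r}")
    v = tuple(int(part or 0) for part in match.groups())
    return v < (1, 26, 19) or (2, 0, 0) <= v < (2, 2, 2)


# Constructed sample request: header set by hand, no ProxyManager involved.
SAMPLE_HEADERS = {
    "Accept": "*/*",
    "Authorization": "Bearer constructed-token",
    "Proxy-Authorization": "Basic constructed-value",
}
SAMPLE_START = "http://app.example.test/start"
SAMPLE_CHAIN = ["http://app.example.test/next", "http://other.example.test/landing"]

if __name__ == "__main__":
    for label, strip in (("before fix", STRIP_BEFORE_FIX), ("after fix", STRIP_AFTER_FIX)):
        print(label, credentials_leaked(SAMPLE_START, SAMPLE_CHAIN, SAMPLE_HEADERS, strip))
    for version in ("1.26.18", "1.26.19", "2.2.1", "2.2.2"):
        print(version, "affected" if is_affected(version) else "patched")
```

The model compares scheme, host and port, so a redirect from `http` to `https` on the same host counts as cross-origin here.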
Affected products
References
- github.com/advisories/GHSA-34jh-p97f-mpxf (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2024-37891 (ghsa, ADVISORY)
- github.com/urllib3/urllib3/commit/40b6d1605814dd1db0a46e202d6e56f2e4c9a468 (ghsa, WEB)
- github.com/urllib3/urllib3/commit/accff72ecc2f6cf5a76d9570198a93ac7c90270e (ghsa, x_refsource_MISC, WEB)
- github.com/urllib3/urllib3/security/advisories/GHSA-34jh-p97f-mpxf (ghsa, x_refsource_CONFIRM, WEB)
- lists.debian.org/debian-lts-announce/2024/12/msg00020.html (ghsa, WEB)
- security.netapp.com/advisory/ntap-20240822-0003 (ghsa, WEB)
- www.vicarius.io/vsociety/posts/proxy-authorization-header-handling-vulnerability-in-urllib3-cve-2024-37891 (ghsa, WEB)