Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2018-20060

urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the Authorization header to be exposed to unintended hosts or transmitted in cleartext. (CVE-2018-20060)

Source

ALAS2-2020-1446

Amazon Linux 2 Security Advisory: ALAS-2020-1446
Advisory Release Date: 2020-06-26 22:55 Pacific
Advisory Updated Date: 2020-07-01 00:03 Pacific

Severity: Medium

References: CVE-2018-20060

Issue Overview:

urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the Authorization header to be exposed to unintended hosts or transmitted in cleartext. (CVE-2018-20060)

Affected Packages:

python-urllib3

Issue Correction:
Run yum update python-urllib3 to update your system.

New Packages:

noarch:
    python-urllib3-1.25.7-1.amzn2.0.1.noarch

src:
    python-urllib3-1.25.7-1.amzn2.0.1.src

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

ALAS2-2020-1446

ALAS2-2020-1446

Vulmon Search

About

Products

Connect