CVE-2023-43804

Published: 04/10/2023 Updated: 01/02/2024
CVSS v3 Base Score: 8.1 | Impact Score: 5.2 | Exploitability Score: 2.8
VMScore: 0

Vulnerability Summary

urllib3 is a user-friendly HTTP client library for Python. urllib3 does not treat the `Cookie` HTTP header specially or provide any helpers for managing cookies over HTTP; that is the responsibility of the user. However, a user can set a `Cookie` header and unknowingly leak it via HTTP redirects to a different origin unless that user disables redirects explicitly. This issue has been patched in urllib3 versions 1.26.17 and 2.0.5.
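
The leak is a redirect-following client forwarding a caller-supplied `Cookie` header to a `Location` on a different origin. As an added example (not urllib3's own code), the stdlib-only Python below models the check the fix introduces: compare the origin of the original request with the redirect target and drop sensitive headers before following a cross-origin redirect. The names `origin`, `same_origin` and `headers_for_redirect` are mine; the urllib3 options named in the comments (`Retry.remove_headers_on_redirect`, `redirect=False`) are the library's real knobs.

```python
"""Cross-origin redirect header stripping, the mitigation behind CVE-2023-43804.

Added example, not urllib3's code: it models the decision a redirect-following
client must make before reusing the caller's headers on the new location.
urllib3 1.26.17 / 2.0.5 implement the same idea by adding "Cookie" to
Retry.remove_headers_on_redirect; passing redirect=False to urlopen() avoids
the problem entirely by never following the redirect.
"""
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

# Headers that must never travel to a different origin on a redirect.
# Compared case-insensitively, as HTTP header names are.
STRIP_ON_CROSS_ORIGIN = ("cookie", "authorization")


def origin(url):
    """Return (scheme, host, effective port) so default ports compare equal."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    port = parts.port if parts.port is not None else DEFAULT_PORTS.get(scheme)
    return scheme, host, port


def same_origin(url_a, url_b):
    """True when scheme, host and effective port all match."""
    return origin(url_a) == origin(url_b)


def headers_for_redirect(headers, from_url, location, strip=STRIP_ON_CROSS_ORIGIN):
    """Headers to send when following `location` after a response from `from_url`.

    Same-origin redirects keep every header; cross-origin redirects drop the
    sensitive ones listed in `strip`. The caller's dict is left untouched.
    """
    if same_origin(from_url, location):
        return dict(headers)
    return {k: v for k, v in headers.items() if k.lower() not in strip}


if __name__ == "__main__":
    # Constructed scenario: a local server answers a cookie-bearing request
    # with a redirect to another site; the Cookie must not follow it.
    req = {"Cookie": "session=abc123", "User-Agent": "demo/1.0"}
    print(headers_for_redirect(req, "http://127.0.0.1:5000/", "https://example.com/"))
```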

Vulnerable Products

python urllib3

debian debian linux 10.0

fedoraproject fedora 37

fedoraproject fedora 38

fedoraproject fedora 39

Vendor Advisories

Debian Bug report logs - #1053626 python-urllib3: CVE-2023-43804. Package: src:python-urllib3; Maintainer for src:python-urllib3 is Debian Python Team <team+python@tracker.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Sat, 7 Oct 2023 14:57:02 UTC; Severity: important; Tags: security, upstream ...
Synopsis: Important: Red Hat build of Cryostat security update. Type/Severity: Security Advisory: Important. Topic: An update is now available for the Red Hat build of Cryostat 2 on RHEL 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a ...
Synopsis: Moderate: python-urllib3 security update. Type/Severity: Security Advisory: Moderate. Topic: An update for python-urllib3 is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Secur ...
Synopsis: Important: ACS 4.1 enhancement update. Type/Severity: Security Advisory: Important. Topic: Updated images are now available for Red Hat Advanced Cluster Security 4.1.6. The updated images include security fixes. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System ( ...
Synopsis: Moderate: fence-agents security update. Type/Severity: Security Advisory: Moderate. Topic: An update for fence-agents is now available for Red Hat Enterprise Linux 8. Red Hat Product ...
Synopsis: Moderate: fence-agents security update. Type/Severity: Security Advisory: Moderate. Topic: An update for fence-agents is now available for Red Hat Enterprise Linux 9.2 Extended Updat ...
Synopsis: Moderate: Red Hat OpenStack Platform 17.1 (python-urllib3) security update. Type/Severity: Security Advisory: Moderate. Topic: An update for python-urllib3 is now available for Red Hat OpenStack Platform 17.1 (Wallaby ...
Synopsis: Moderate: Red Hat Ansible Automation Platform 2.4 Product Security and Bug Fix Update. Type/Severity: Security Advisory: Moderate. Topic: An update is now available for Red Hat Ansible Automation Platform 2.4. Red Hat P ...
Synopsis: Important: RHACS 4.2 security update. Type/Severity: Security Advisory: Important. Topic: Updated images are now available for Red Hat Advanced Cluster Security 4.2.4. The updated images include security fixes. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CV ...
Synopsis: Moderate: python-urllib3 security update. Type/Severity: Security Advisory: Moderate. Topic: An update for python-urllib3 is now available for Red Hat Enterprise Linux 8.8 Extended U ...
Synopsis: Moderate: fence-agents security update. Type/Severity: Security Advisory: Moderate. Topic: An update for fence-agents is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Red Hat Product Security ...
Synopsis: Moderate: fence-agents security update. Type/Severity: Security Advisory: Moderate. Topic: An update for fence-agents is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat ...
Synopsis: Moderate: fence-agents security update. Type/Severity: Security Advisory: Moderate. Topic: An update for fence-agents is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a s ...

Github Repositories

Example of how CVE-2023-43804 works with real python code.

PoC: Example of how CVE-2023-43804 works with real Python code. Explaining CVE-2023-43804/server.py and CVE-2023-43804/example.py: in server.py I created a simple website that redirects you to google.com, so make sure to run server.py first before trying example.py. In example.py I added a cookie to the request header, so when you try to request 127.0.0.1:5000/ (it's

API interface to the Raindrop Bookmark Manager.

Raindrop-IO-py: Python wrapper for the API to the Raindrop.io Bookmark Manager. Capabilities include the ability to create, update, delete both link- and file-based Raindrops; create, update, delete Raindrop collections, tags, etc. Background: I wanted to use an existing API for the Raindrop Bookmark Manager (python-raindropio) to perform some bulk operations through a