Package | Installed | Affected | Info |
---|---|---|---|
requests | 2.21.0 | >=2.3.0,<2.31.0 |
show Requests 2.31.0 includes a fix for CVE-2023-32681: Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. This is a product of how we use 'rebuild_proxies' to reattach the 'Proxy-Authorization' header to requests. For HTTP connections sent through the tunnel, the proxy will identify the header in the request itself and remove it prior to forwarding to the destination server. However when sent over HTTPS, the 'Proxy-Authorization' header must be sent in the CONNECT request as the proxy has no visibility into the tunneled request. This results in Requests forwarding proxy credentials to the destination server unintentionally, allowing a malicious actor to potentially exfiltrate sensitive information. |
certifi | 2018.11.29 | >=2015.04.28,<2023.07.22 |
show Certifi 2023.07.22 includes a fix for CVE-2023-37920: Certifi prior to version 2023.07.22 recognizes "e-Tugra" root certificates. e-Tugra's root certificates were subject to an investigation prompted by reporting of security issues in their systems. Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store. https://github.com/certifi/python-certifi/security/advisories/GHSA-xqr8-7jwr-rhp7 |
certifi | 2018.11.29 | <2022.12.07 |
show Certifi 2022.12.07 includes a fix for CVE-2022-23491: Certifi 2022.12.07 removes root certificates from "TrustCor" from the root store. These are in the process of being removed from Mozilla's trust store. TrustCor's root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor's ownership also operated a business that produced spyware. Conclusions of Mozilla's investigation can be found in the linked google group discussion. https://github.com/certifi/python-certifi/security/advisories/GHSA-43fp-rhv2-5gv8 https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/oxX69KFvsm4/m/yLohoVqtCgAJ |
Package | Installed | Affected | Info |
---|---|---|---|
urllib3 | 1.24.1 | <1.26.17 , >=2.0.0a1,<2.0.5 |
show Urllib3 1.26.17 and 2.0.5 include a fix for CVE-2023-43804: Urllib3 doesn't treat the 'Cookie' HTTP header special or provide any helpers for managing cookies over HTTP, that is the responsibility of the user. However, it is possible for a user to specify a 'Cookie' header and unknowingly leak information via HTTP redirects to a different origin if that user doesn't disable redirects explicitly. https://github.com/urllib3/urllib3/security/advisories/GHSA-v845-jxx5-vc9f |
urllib3 | 1.24.1 | <1.25.9 |
show Urllib3 1.25.9 includes a fix for CVE-2020-26137: Urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). NOTE: this is similar to CVE-2020-26116. https://github.com/python/cpython/issues/83784 https://github.com/urllib3/urllib3/pull/1800 |
urllib3 | 1.24.1 | <1.24.3 |
show Urllib3 1.24.3 includes a fix for CVE-2019-11236: CRLF injection is possible if the attacker controls the request parameter. https://github.com/urllib3/urllib3/commit/5d523706c7b03f947dc50a7e783758a2bfff0532 https://github.com/urllib3/urllib3/issues/1553 |
urllib3 | 1.24.1 | <1.24.2 |
show Affected versions of urllib3 are vulnerable Improper Certificate Validation. Urllib3 mishandles certain cases where the desired set of CA certificates is different from the OS store of CA certificates, which results in SSL connections succeeding in situations where a verification failure is the correct outcome. This is related to the use of the ssl_context, ca_certs, or ca_certs_dir argument. |
urllib3 | 1.24.1 | <1.26.5 |
show Urllib3 1.26.5 includes a fix for CVE-2021-33503: When provided with a URL containing many @ characters in the authority component, the authority regular expression exhibits catastrophic backtracking, causing a denial of service if a URL were passed as a parameter or redirected to via an HTTP redirect. https://github.com/advisories/GHSA-q2q7-5pp4-w6pg |
urllib3 | 1.24.1 | <1.26.18 , >=2.0.0a1,<2.0.7 |
show Urllib3 1.26.18 and 2.0.7 include a fix for CVE-2023-45803: Request body not stripped after redirect from 303 status changes request method to GET. https://github.com/urllib3/urllib3/security/advisories/GHSA-g4mx-q9vg-27p4 |
certifi | 2018.11.29 | >=2015.04.28,<2023.07.22 |
show Certifi 2023.07.22 includes a fix for CVE-2023-37920: Certifi prior to version 2023.07.22 recognizes "e-Tugra" root certificates. e-Tugra's root certificates were subject to an investigation prompted by reporting of security issues in their systems. Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store. https://github.com/certifi/python-certifi/security/advisories/GHSA-xqr8-7jwr-rhp7 |
certifi | 2018.11.29 | <2022.12.07 |
show Certifi 2022.12.07 includes a fix for CVE-2022-23491: Certifi 2022.12.07 removes root certificates from "TrustCor" from the root store. These are in the process of being removed from Mozilla's trust store. TrustCor's root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor's ownership also operated a business that produced spyware. Conclusions of Mozilla's investigation can be found in the linked google group discussion. https://github.com/certifi/python-certifi/security/advisories/GHSA-43fp-rhv2-5gv8 https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/oxX69KFvsm4/m/yLohoVqtCgAJ |
Package | Installed | Affected | Info |
---|---|---|---|
urllib3 | 1.24.1 | <1.26.17 , >=2.0.0a1,<2.0.5 |
show Urllib3 1.26.17 and 2.0.5 include a fix for CVE-2023-43804: Urllib3 doesn't treat the 'Cookie' HTTP header special or provide any helpers for managing cookies over HTTP, that is the responsibility of the user. However, it is possible for a user to specify a 'Cookie' header and unknowingly leak information via HTTP redirects to a different origin if that user doesn't disable redirects explicitly. https://github.com/urllib3/urllib3/security/advisories/GHSA-v845-jxx5-vc9f |
urllib3 | 1.24.1 | <1.25.9 |
show Urllib3 1.25.9 includes a fix for CVE-2020-26137: Urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). NOTE: this is similar to CVE-2020-26116. https://github.com/python/cpython/issues/83784 https://github.com/urllib3/urllib3/pull/1800 |
urllib3 | 1.24.1 | <1.24.3 |
show Urllib3 1.24.3 includes a fix for CVE-2019-11236: CRLF injection is possible if the attacker controls the request parameter. https://github.com/urllib3/urllib3/commit/5d523706c7b03f947dc50a7e783758a2bfff0532 https://github.com/urllib3/urllib3/issues/1553 |
urllib3 | 1.24.1 | <1.24.2 |
show Affected versions of urllib3 are vulnerable Improper Certificate Validation. Urllib3 mishandles certain cases where the desired set of CA certificates is different from the OS store of CA certificates, which results in SSL connections succeeding in situations where a verification failure is the correct outcome. This is related to the use of the ssl_context, ca_certs, or ca_certs_dir argument. |
urllib3 | 1.24.1 | <1.26.5 |
show Urllib3 1.26.5 includes a fix for CVE-2021-33503: When provided with a URL containing many @ characters in the authority component, the authority regular expression exhibits catastrophic backtracking, causing a denial of service if a URL were passed as a parameter or redirected to via an HTTP redirect. https://github.com/advisories/GHSA-q2q7-5pp4-w6pg |
urllib3 | 1.24.1 | <1.26.18 , >=2.0.0a1,<2.0.7 |
show Urllib3 1.26.18 and 2.0.7 include a fix for CVE-2023-45803: Request body not stripped after redirect from 303 status changes request method to GET. https://github.com/urllib3/urllib3/security/advisories/GHSA-g4mx-q9vg-27p4 |
Package | Installed | Affected | Info |
---|---|---|---|
certifi | 2018.11.29 | >=2015.04.28,<2023.07.22 |
show Certifi 2023.07.22 includes a fix for CVE-2023-37920: Certifi prior to version 2023.07.22 recognizes "e-Tugra" root certificates. e-Tugra's root certificates were subject to an investigation prompted by reporting of security issues in their systems. Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store. https://github.com/certifi/python-certifi/security/advisories/GHSA-xqr8-7jwr-rhp7 |
certifi | 2018.11.29 | <2022.12.07 |
show Certifi 2022.12.07 includes a fix for CVE-2022-23491: Certifi 2022.12.07 removes root certificates from "TrustCor" from the root store. These are in the process of being removed from Mozilla's trust store. TrustCor's root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor's ownership also operated a business that produced spyware. Conclusions of Mozilla's investigation can be found in the linked google group discussion. https://github.com/certifi/python-certifi/security/advisories/GHSA-43fp-rhv2-5gv8 https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/oxX69KFvsm4/m/yLohoVqtCgAJ |
Package | Installed | Affected | Info |
---|---|---|---|
urllib3 | 1.24.1 | <1.26.17 , >=2.0.0a1,<2.0.5 |
show Urllib3 1.26.17 and 2.0.5 include a fix for CVE-2023-43804: Urllib3 doesn't treat the 'Cookie' HTTP header special or provide any helpers for managing cookies over HTTP, that is the responsibility of the user. However, it is possible for a user to specify a 'Cookie' header and unknowingly leak information via HTTP redirects to a different origin if that user doesn't disable redirects explicitly. https://github.com/urllib3/urllib3/security/advisories/GHSA-v845-jxx5-vc9f |
urllib3 | 1.24.1 | <1.25.9 |
show Urllib3 1.25.9 includes a fix for CVE-2020-26137: Urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). NOTE: this is similar to CVE-2020-26116. https://github.com/python/cpython/issues/83784 https://github.com/urllib3/urllib3/pull/1800 |
urllib3 | 1.24.1 | <1.24.3 |
show Urllib3 1.24.3 includes a fix for CVE-2019-11236: CRLF injection is possible if the attacker controls the request parameter. https://github.com/urllib3/urllib3/commit/5d523706c7b03f947dc50a7e783758a2bfff0532 https://github.com/urllib3/urllib3/issues/1553 |
urllib3 | 1.24.1 | <1.24.2 |
show Affected versions of urllib3 are vulnerable Improper Certificate Validation. Urllib3 mishandles certain cases where the desired set of CA certificates is different from the OS store of CA certificates, which results in SSL connections succeeding in situations where a verification failure is the correct outcome. This is related to the use of the ssl_context, ca_certs, or ca_certs_dir argument. |
urllib3 | 1.24.1 | <1.26.5 |
show Urllib3 1.26.5 includes a fix for CVE-2021-33503: When provided with a URL containing many @ characters in the authority component, the authority regular expression exhibits catastrophic backtracking, causing a denial of service if a URL were passed as a parameter or redirected to via an HTTP redirect. https://github.com/advisories/GHSA-q2q7-5pp4-w6pg |
urllib3 | 1.24.1 | <1.26.18 , >=2.0.0a1,<2.0.7 |
show Urllib3 1.26.18 and 2.0.7 include a fix for CVE-2023-45803: Request body not stripped after redirect from 303 status changes request method to GET. https://github.com/urllib3/urllib3/security/advisories/GHSA-g4mx-q9vg-27p4 |
certifi | 2018.11.29 | >=2015.04.28,<2023.07.22 |
show Certifi 2023.07.22 includes a fix for CVE-2023-37920: Certifi prior to version 2023.07.22 recognizes "e-Tugra" root certificates. e-Tugra's root certificates were subject to an investigation prompted by reporting of security issues in their systems. Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store. https://github.com/certifi/python-certifi/security/advisories/GHSA-xqr8-7jwr-rhp7 |
certifi | 2018.11.29 | <2022.12.07 |
show Certifi 2022.12.07 includes a fix for CVE-2022-23491: Certifi 2022.12.07 removes root certificates from "TrustCor" from the root store. These are in the process of being removed from Mozilla's trust store. TrustCor's root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor's ownership also operated a business that produced spyware. Conclusions of Mozilla's investigation can be found in the linked google group discussion. https://github.com/certifi/python-certifi/security/advisories/GHSA-43fp-rhv2-5gv8 https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/oxX69KFvsm4/m/yLohoVqtCgAJ |
Package | Installed | Affected | Info |
---|---|---|---|
certifi | 2018.11.29 | >=2015.04.28,<2023.07.22 |
show Certifi 2023.07.22 includes a fix for CVE-2023-37920: Certifi prior to version 2023.07.22 recognizes "e-Tugra" root certificates. e-Tugra's root certificates were subject to an investigation prompted by reporting of security issues in their systems. Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store. https://github.com/certifi/python-certifi/security/advisories/GHSA-xqr8-7jwr-rhp7 |
certifi | 2018.11.29 | <2022.12.07 |
show Certifi 2022.12.07 includes a fix for CVE-2022-23491: Certifi 2022.12.07 removes root certificates from "TrustCor" from the root store. These are in the process of being removed from Mozilla's trust store. TrustCor's root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor's ownership also operated a business that produced spyware. Conclusions of Mozilla's investigation can be found in the linked google group discussion. https://github.com/certifi/python-certifi/security/advisories/GHSA-43fp-rhv2-5gv8 https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/oxX69KFvsm4/m/yLohoVqtCgAJ |
Package | Installed | Affected | Info |
---|---|---|---|
certifi | 2018.11.29 | >=2015.04.28,<2023.07.22 |
show Certifi 2023.07.22 includes a fix for CVE-2023-37920: Certifi prior to version 2023.07.22 recognizes "e-Tugra" root certificates. e-Tugra's root certificates were subject to an investigation prompted by reporting of security issues in their systems. Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store. https://github.com/certifi/python-certifi/security/advisories/GHSA-xqr8-7jwr-rhp7 |
certifi | 2018.11.29 | <2022.12.07 |
show Certifi 2022.12.07 includes a fix for CVE-2022-23491: Certifi 2022.12.07 removes root certificates from "TrustCor" from the root store. These are in the process of being removed from Mozilla's trust store. TrustCor's root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor's ownership also operated a business that produced spyware. Conclusions of Mozilla's investigation can be found in the linked google group discussion. https://github.com/certifi/python-certifi/security/advisories/GHSA-43fp-rhv2-5gv8 https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/oxX69KFvsm4/m/yLohoVqtCgAJ |
Package | Installed | Affected | Info |
---|---|---|---|
urllib3 | 1.24.1 | <1.26.17 , >=2.0.0a1,<2.0.5 |
show Urllib3 1.26.17 and 2.0.5 include a fix for CVE-2023-43804: Urllib3 doesn't treat the 'Cookie' HTTP header special or provide any helpers for managing cookies over HTTP, that is the responsibility of the user. However, it is possible for a user to specify a 'Cookie' header and unknowingly leak information via HTTP redirects to a different origin if that user doesn't disable redirects explicitly. https://github.com/urllib3/urllib3/security/advisories/GHSA-v845-jxx5-vc9f |
urllib3 | 1.24.1 | <1.25.9 |
show Urllib3 1.25.9 includes a fix for CVE-2020-26137: Urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). NOTE: this is similar to CVE-2020-26116. https://github.com/python/cpython/issues/83784 https://github.com/urllib3/urllib3/pull/1800 |
urllib3 | 1.24.1 | <1.24.3 |
show Urllib3 1.24.3 includes a fix for CVE-2019-11236: CRLF injection is possible if the attacker controls the request parameter. https://github.com/urllib3/urllib3/commit/5d523706c7b03f947dc50a7e783758a2bfff0532 https://github.com/urllib3/urllib3/issues/1553 |
urllib3 | 1.24.1 | <1.24.2 |
show Affected versions of urllib3 are vulnerable Improper Certificate Validation. Urllib3 mishandles certain cases where the desired set of CA certificates is different from the OS store of CA certificates, which results in SSL connections succeeding in situations where a verification failure is the correct outcome. This is related to the use of the ssl_context, ca_certs, or ca_certs_dir argument. |
urllib3 | 1.24.1 | <1.26.5 |
show Urllib3 1.26.5 includes a fix for CVE-2021-33503: When provided with a URL containing many @ characters in the authority component, the authority regular expression exhibits catastrophic backtracking, causing a denial of service if a URL were passed as a parameter or redirected to via an HTTP redirect. https://github.com/advisories/GHSA-q2q7-5pp4-w6pg |
urllib3 | 1.24.1 | <1.26.18 , >=2.0.0a1,<2.0.7 |
show Urllib3 1.26.18 and 2.0.7 include a fix for CVE-2023-45803: Request body not stripped after redirect from 303 status changes request method to GET. https://github.com/urllib3/urllib3/security/advisories/GHSA-g4mx-q9vg-27p4 |
certifi | 2018.11.29 | >=2015.04.28,<2023.07.22 |
show Certifi 2023.07.22 includes a fix for CVE-2023-37920: Certifi prior to version 2023.07.22 recognizes "e-Tugra" root certificates. e-Tugra's root certificates were subject to an investigation prompted by reporting of security issues in their systems. Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store. https://github.com/certifi/python-certifi/security/advisories/GHSA-xqr8-7jwr-rhp7 |
certifi | 2018.11.29 | <2022.12.07 |
show Certifi 2022.12.07 includes a fix for CVE-2022-23491: Certifi 2022.12.07 removes root certificates from "TrustCor" from the root store. These are in the process of being removed from Mozilla's trust store. TrustCor's root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor's ownership also operated a business that produced spyware. Conclusions of Mozilla's investigation can be found in the linked google group discussion. https://github.com/certifi/python-certifi/security/advisories/GHSA-43fp-rhv2-5gv8 https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/oxX69KFvsm4/m/yLohoVqtCgAJ |
Package | Installed | Affected | Info |
---|---|---|---|
urllib3 | 1.24.1 | <1.26.17 , >=2.0.0a1,<2.0.5 |
show Urllib3 1.26.17 and 2.0.5 include a fix for CVE-2023-43804: Urllib3 doesn't treat the 'Cookie' HTTP header special or provide any helpers for managing cookies over HTTP, that is the responsibility of the user. However, it is possible for a user to specify a 'Cookie' header and unknowingly leak information via HTTP redirects to a different origin if that user doesn't disable redirects explicitly. https://github.com/urllib3/urllib3/security/advisories/GHSA-v845-jxx5-vc9f |
urllib3 | 1.24.1 | <1.25.9 |
show Urllib3 1.25.9 includes a fix for CVE-2020-26137: Urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). NOTE: this is similar to CVE-2020-26116. https://github.com/python/cpython/issues/83784 https://github.com/urllib3/urllib3/pull/1800 |
urllib3 | 1.24.1 | <1.24.3 |
show Urllib3 1.24.3 includes a fix for CVE-2019-11236: CRLF injection is possible if the attacker controls the request parameter. https://github.com/urllib3/urllib3/commit/5d523706c7b03f947dc50a7e783758a2bfff0532 https://github.com/urllib3/urllib3/issues/1553 |
urllib3 | 1.24.1 | <1.24.2 |
show Affected versions of urllib3 are vulnerable Improper Certificate Validation. Urllib3 mishandles certain cases where the desired set of CA certificates is different from the OS store of CA certificates, which results in SSL connections succeeding in situations where a verification failure is the correct outcome. This is related to the use of the ssl_context, ca_certs, or ca_certs_dir argument. |
urllib3 | 1.24.1 | <1.26.5 |
show Urllib3 1.26.5 includes a fix for CVE-2021-33503: When provided with a URL containing many @ characters in the authority component, the authority regular expression exhibits catastrophic backtracking, causing a denial of service if a URL were passed as a parameter or redirected to via an HTTP redirect. https://github.com/advisories/GHSA-q2q7-5pp4-w6pg |
urllib3 | 1.24.1 | <1.26.18 , >=2.0.0a1,<2.0.7 |
show Urllib3 1.26.18 and 2.0.7 include a fix for CVE-2023-45803: Request body not stripped after redirect from 303 status changes request method to GET. https://github.com/urllib3/urllib3/security/advisories/GHSA-g4mx-q9vg-27p4 |
certifi | 2018.11.29 | >=2015.04.28,<2023.07.22 |
show Certifi 2023.07.22 includes a fix for CVE-2023-37920: Certifi prior to version 2023.07.22 recognizes "e-Tugra" root certificates. e-Tugra's root certificates were subject to an investigation prompted by reporting of security issues in their systems. Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store. https://github.com/certifi/python-certifi/security/advisories/GHSA-xqr8-7jwr-rhp7 |
certifi | 2018.11.29 | <2022.12.07 |
show Certifi 2022.12.07 includes a fix for CVE-2022-23491: Certifi 2022.12.07 removes root certificates from "TrustCor" from the root store. These are in the process of being removed from Mozilla's trust store. TrustCor's root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor's ownership also operated a business that produced spyware. Conclusions of Mozilla's investigation can be found in the linked google group discussion. https://github.com/certifi/python-certifi/security/advisories/GHSA-43fp-rhv2-5gv8 https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/oxX69KFvsm4/m/yLohoVqtCgAJ |
Package | Installed | Affected | Info |
---|---|---|---|
urllib3 | 1.24.1 | <1.26.17 , >=2.0.0a1,<2.0.5 |
show Urllib3 1.26.17 and 2.0.5 include a fix for CVE-2023-43804: Urllib3 doesn't treat the 'Cookie' HTTP header special or provide any helpers for managing cookies over HTTP, that is the responsibility of the user. However, it is possible for a user to specify a 'Cookie' header and unknowingly leak information via HTTP redirects to a different origin if that user doesn't disable redirects explicitly. https://github.com/urllib3/urllib3/security/advisories/GHSA-v845-jxx5-vc9f |
urllib3 | 1.24.1 | <1.25.9 |
show Urllib3 1.25.9 includes a fix for CVE-2020-26137: Urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). NOTE: this is similar to CVE-2020-26116. https://github.com/python/cpython/issues/83784 https://github.com/urllib3/urllib3/pull/1800 |
urllib3 | 1.24.1 | <1.24.3 |
show Urllib3 1.24.3 includes a fix for CVE-2019-11236: CRLF injection is possible if the attacker controls the request parameter. https://github.com/urllib3/urllib3/commit/5d523706c7b03f947dc50a7e783758a2bfff0532 https://github.com/urllib3/urllib3/issues/1553 |
urllib3 | 1.24.1 | <1.24.2 |
show Affected versions of urllib3 are vulnerable Improper Certificate Validation. Urllib3 mishandles certain cases where the desired set of CA certificates is different from the OS store of CA certificates, which results in SSL connections succeeding in situations where a verification failure is the correct outcome. This is related to the use of the ssl_context, ca_certs, or ca_certs_dir argument. |
urllib3 | 1.24.1 | <1.26.5 |
show Urllib3 1.26.5 includes a fix for CVE-2021-33503: When provided with a URL containing many @ characters in the authority component, the authority regular expression exhibits catastrophic backtracking, causing a denial of service if a URL were passed as a parameter or redirected to via an HTTP redirect. https://github.com/advisories/GHSA-q2q7-5pp4-w6pg |
urllib3 | 1.24.1 | <1.26.18 , >=2.0.0a1,<2.0.7 |
show Urllib3 1.26.18 and 2.0.7 include a fix for CVE-2023-45803: Request body not stripped after redirect from 303 status changes request method to GET. https://github.com/urllib3/urllib3/security/advisories/GHSA-g4mx-q9vg-27p4 |
certifi | 2018.11.29 | >=2015.04.28,<2023.07.22 |
show Certifi 2023.07.22 includes a fix for CVE-2023-37920: Certifi prior to version 2023.07.22 recognizes "e-Tugra" root certificates. e-Tugra's root certificates were subject to an investigation prompted by reporting of security issues in their systems. Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store. https://github.com/certifi/python-certifi/security/advisories/GHSA-xqr8-7jwr-rhp7 |
certifi | 2018.11.29 | <2022.12.07 |
show Certifi 2022.12.07 includes a fix for CVE-2022-23491: Certifi 2022.12.07 removes root certificates from "TrustCor" from the root store. These are in the process of being removed from Mozilla's trust store. TrustCor's root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor's ownership also operated a business that produced spyware. Conclusions of Mozilla's investigation can be found in the linked google group discussion. https://github.com/certifi/python-certifi/security/advisories/GHSA-43fp-rhv2-5gv8 https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/oxX69KFvsm4/m/yLohoVqtCgAJ |
Package | Installed | Affected | Info |
---|---|---|---|
urllib3 | 1.24.1 | <1.26.17 , >=2.0.0a1,<2.0.5 |
show Urllib3 1.26.17 and 2.0.5 include a fix for CVE-2023-43804: Urllib3 doesn't treat the 'Cookie' HTTP header special or provide any helpers for managing cookies over HTTP, that is the responsibility of the user. However, it is possible for a user to specify a 'Cookie' header and unknowingly leak information via HTTP redirects to a different origin if that user doesn't disable redirects explicitly. https://github.com/urllib3/urllib3/security/advisories/GHSA-v845-jxx5-vc9f |
urllib3 | 1.24.1 | <1.25.9 |
show Urllib3 1.25.9 includes a fix for CVE-2020-26137: Urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). NOTE: this is similar to CVE-2020-26116. https://github.com/python/cpython/issues/83784 https://github.com/urllib3/urllib3/pull/1800 |
urllib3 | 1.24.1 | <1.24.3 |
show Urllib3 1.24.3 includes a fix for CVE-2019-11236: CRLF injection is possible if the attacker controls the request parameter. https://github.com/urllib3/urllib3/commit/5d523706c7b03f947dc50a7e783758a2bfff0532 https://github.com/urllib3/urllib3/issues/1553 |
urllib3 | 1.24.1 | <1.24.2 |
show Affected versions of urllib3 are vulnerable Improper Certificate Validation. Urllib3 mishandles certain cases where the desired set of CA certificates is different from the OS store of CA certificates, which results in SSL connections succeeding in situations where a verification failure is the correct outcome. This is related to the use of the ssl_context, ca_certs, or ca_certs_dir argument. |
urllib3 | 1.24.1 | <1.26.5 |
show Urllib3 1.26.5 includes a fix for CVE-2021-33503: When provided with a URL containing many @ characters in the authority component, the authority regular expression exhibits catastrophic backtracking, causing a denial of service if a URL were passed as a parameter or redirected to via an HTTP redirect. https://github.com/advisories/GHSA-q2q7-5pp4-w6pg |
urllib3 | 1.24.1 | <1.26.18 , >=2.0.0a1,<2.0.7 |
show Urllib3 1.26.18 and 2.0.7 include a fix for CVE-2023-45803: Request body not stripped after redirect from 303 status changes request method to GET. https://github.com/urllib3/urllib3/security/advisories/GHSA-g4mx-q9vg-27p4 |
certifi | 2018.11.29 | >=2015.04.28,<2023.07.22 |
show Certifi 2023.07.22 includes a fix for CVE-2023-37920: Certifi prior to version 2023.07.22 recognizes "e-Tugra" root certificates. e-Tugra's root certificates were subject to an investigation prompted by reporting of security issues in their systems. Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store. https://github.com/certifi/python-certifi/security/advisories/GHSA-xqr8-7jwr-rhp7 |
certifi | 2018.11.29 | <2022.12.07 |
show Certifi 2022.12.07 includes a fix for CVE-2022-23491: Certifi 2022.12.07 removes root certificates from "TrustCor" from the root store. These are in the process of being removed from Mozilla's trust store. TrustCor's root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor's ownership also operated a business that produced spyware. Conclusions of Mozilla's investigation can be found in the linked google group discussion. https://github.com/certifi/python-certifi/security/advisories/GHSA-43fp-rhv2-5gv8 https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/oxX69KFvsm4/m/yLohoVqtCgAJ |
Package | Installed | Affected | Info |
---|---|---|---|
certifi | 2018.11.29 | >=2015.04.28,<2023.07.22 |
show Certifi 2023.07.22 includes a fix for CVE-2023-37920: Certifi prior to version 2023.07.22 recognizes "e-Tugra" root certificates. e-Tugra's root certificates were subject to an investigation prompted by reporting of security issues in their systems. Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store. https://github.com/certifi/python-certifi/security/advisories/GHSA-xqr8-7jwr-rhp7 |
certifi | 2018.11.29 | <2022.12.07 |
show Certifi 2022.12.07 includes a fix for CVE-2022-23491: Certifi 2022.12.07 removes root certificates from "TrustCor" from the root store. These are in the process of being removed from Mozilla's trust store. TrustCor's root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor's ownership also operated a business that produced spyware. Conclusions of Mozilla's investigation can be found in the linked google group discussion. https://github.com/certifi/python-certifi/security/advisories/GHSA-43fp-rhv2-5gv8 https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/oxX69KFvsm4/m/yLohoVqtCgAJ |
Package | Installed | Affected | Info |
---|---|---|---|
urllib3 | 1.24.1 | <1.26.17 , >=2.0.0a1,<2.0.5 |
show Urllib3 1.26.17 and 2.0.5 include a fix for CVE-2023-43804: Urllib3 doesn't treat the 'Cookie' HTTP header special or provide any helpers for managing cookies over HTTP, that is the responsibility of the user. However, it is possible for a user to specify a 'Cookie' header and unknowingly leak information via HTTP redirects to a different origin if that user doesn't disable redirects explicitly. https://github.com/urllib3/urllib3/security/advisories/GHSA-v845-jxx5-vc9f |
urllib3 | 1.24.1 | <1.25.9 |
show Urllib3 1.25.9 includes a fix for CVE-2020-26137: Urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). NOTE: this is similar to CVE-2020-26116. https://github.com/python/cpython/issues/83784 https://github.com/urllib3/urllib3/pull/1800 |
urllib3 | 1.24.1 | <1.24.3 |
show Urllib3 1.24.3 includes a fix for CVE-2019-11236: CRLF injection is possible if the attacker controls the request parameter. https://github.com/urllib3/urllib3/commit/5d523706c7b03f947dc50a7e783758a2bfff0532 https://github.com/urllib3/urllib3/issues/1553 |
urllib3 | 1.24.1 | <1.24.2 |
show Affected versions of urllib3 are vulnerable Improper Certificate Validation. Urllib3 mishandles certain cases where the desired set of CA certificates is different from the OS store of CA certificates, which results in SSL connections succeeding in situations where a verification failure is the correct outcome. This is related to the use of the ssl_context, ca_certs, or ca_certs_dir argument. |
urllib3 | 1.24.1 | <1.26.5 |
show Urllib3 1.26.5 includes a fix for CVE-2021-33503: When provided with a URL containing many @ characters in the authority component, the authority regular expression exhibits catastrophic backtracking, causing a denial of service if a URL were passed as a parameter or redirected to via an HTTP redirect. https://github.com/advisories/GHSA-q2q7-5pp4-w6pg |
urllib3 | 1.24.1 | <1.26.18 , >=2.0.0a1,<2.0.7 |
show Urllib3 1.26.18 and 2.0.7 include a fix for CVE-2023-45803: Request body not stripped after redirect from 303 status changes request method to GET. https://github.com/urllib3/urllib3/security/advisories/GHSA-g4mx-q9vg-27p4 |
certifi | 2018.11.29 | >=2015.04.28,<2023.07.22 |
show Certifi 2023.07.22 includes a fix for CVE-2023-37920: Certifi prior to version 2023.07.22 recognizes "e-Tugra" root certificates. e-Tugra's root certificates were subject to an investigation prompted by reporting of security issues in their systems. Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store. https://github.com/certifi/python-certifi/security/advisories/GHSA-xqr8-7jwr-rhp7 |
certifi | 2018.11.29 | <2022.12.07 |
show Certifi 2022.12.07 includes a fix for CVE-2022-23491: Certifi 2022.12.07 removes root certificates from "TrustCor" from the root store. These are in the process of being removed from Mozilla's trust store. TrustCor's root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor's ownership also operated a business that produced spyware. Conclusions of Mozilla's investigation can be found in the linked google group discussion. https://github.com/certifi/python-certifi/security/advisories/GHSA-43fp-rhv2-5gv8 https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/oxX69KFvsm4/m/yLohoVqtCgAJ |
Package | Installed | Affected | Info |
---|---|---|---|
urllib3 | 1.24.1 | <1.26.17 , >=2.0.0a1,<2.0.5 |
show Urllib3 1.26.17 and 2.0.5 include a fix for CVE-2023-43804: Urllib3 doesn't treat the 'Cookie' HTTP header special or provide any helpers for managing cookies over HTTP, that is the responsibility of the user. However, it is possible for a user to specify a 'Cookie' header and unknowingly leak information via HTTP redirects to a different origin if that user doesn't disable redirects explicitly. https://github.com/urllib3/urllib3/security/advisories/GHSA-v845-jxx5-vc9f |
urllib3 | 1.24.1 | <1.25.9 |
show Urllib3 1.25.9 includes a fix for CVE-2020-26137: Urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). NOTE: this is similar to CVE-2020-26116. https://github.com/python/cpython/issues/83784 https://github.com/urllib3/urllib3/pull/1800 |
urllib3 | 1.24.1 | <1.24.3 |
show Urllib3 1.24.3 includes a fix for CVE-2019-11236: CRLF injection is possible if the attacker controls the request parameter. https://github.com/urllib3/urllib3/commit/5d523706c7b03f947dc50a7e783758a2bfff0532 https://github.com/urllib3/urllib3/issues/1553 |
urllib3 | 1.24.1 | <1.24.2 |
show Affected versions of urllib3 are vulnerable Improper Certificate Validation. Urllib3 mishandles certain cases where the desired set of CA certificates is different from the OS store of CA certificates, which results in SSL connections succeeding in situations where a verification failure is the correct outcome. This is related to the use of the ssl_context, ca_certs, or ca_certs_dir argument. |
urllib3 | 1.24.1 | <1.26.5 |
show Urllib3 1.26.5 includes a fix for CVE-2021-33503: When provided with a URL containing many @ characters in the authority component, the authority regular expression exhibits catastrophic backtracking, causing a denial of service if a URL were passed as a parameter or redirected to via an HTTP redirect. https://github.com/advisories/GHSA-q2q7-5pp4-w6pg |
urllib3 | 1.24.1 | <1.26.18 , >=2.0.0a1,<2.0.7 |
show Urllib3 1.26.18 and 2.0.7 include a fix for CVE-2023-45803: Request body not stripped after redirect from 303 status changes request method to GET. https://github.com/urllib3/urllib3/security/advisories/GHSA-g4mx-q9vg-27p4 |
certifi | 2018.11.29 | >=2015.04.28,<2023.07.22 |
show Certifi 2023.07.22 includes a fix for CVE-2023-37920: Certifi prior to version 2023.07.22 recognizes "e-Tugra" root certificates. e-Tugra's root certificates were subject to an investigation prompted by reporting of security issues in their systems. Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store. https://github.com/certifi/python-certifi/security/advisories/GHSA-xqr8-7jwr-rhp7 |
certifi | 2018.11.29 | <2022.12.07 |
show Certifi 2022.12.07 includes a fix for CVE-2022-23491: Certifi 2022.12.07 removes root certificates from "TrustCor" from the root store. These are in the process of being removed from Mozilla's trust store. TrustCor's root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor's ownership also operated a business that produced spyware. Conclusions of Mozilla's investigation can be found in the linked google group discussion. https://github.com/certifi/python-certifi/security/advisories/GHSA-43fp-rhv2-5gv8 https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/oxX69KFvsm4/m/yLohoVqtCgAJ |
Package | Installed | Affected | Info |
---|---|---|---|
certifi | 2018.11.29 | >=2015.04.28,<2023.07.22 |
show Certifi 2023.07.22 includes a fix for CVE-2023-37920: Certifi prior to version 2023.07.22 recognizes "e-Tugra" root certificates. e-Tugra's root certificates were subject to an investigation prompted by reporting of security issues in their systems. Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store. https://github.com/certifi/python-certifi/security/advisories/GHSA-xqr8-7jwr-rhp7 |
certifi | 2018.11.29 | <2022.12.07 |
show Certifi 2022.12.07 includes a fix for CVE-2022-23491: Certifi 2022.12.07 removes root certificates from "TrustCor" from the root store. These are in the process of being removed from Mozilla's trust store. TrustCor's root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor's ownership also operated a business that produced spyware. Conclusions of Mozilla's investigation can be found in the linked google group discussion. https://github.com/certifi/python-certifi/security/advisories/GHSA-43fp-rhv2-5gv8 https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/oxX69KFvsm4/m/yLohoVqtCgAJ |
https://pyup.io/repos/github/tiagocordeiro/pizza_scrapy/python-3-shield.svg
[![Python 3](https://pyup.io/repos/github/tiagocordeiro/pizza_scrapy/python-3-shield.svg)](https://pyup.io/repos/github/tiagocordeiro/pizza_scrapy/)
.. image:: https://pyup.io/repos/github/tiagocordeiro/pizza_scrapy/python-3-shield.svg :target: https://pyup.io/repos/github/tiagocordeiro/pizza_scrapy/ :alt: Python 3
<a href="https://pyup.io/repos/github/tiagocordeiro/pizza_scrapy/"><img src="https://pyup.io/repos/github/tiagocordeiro/pizza_scrapy/shield.svg" alt="Python 3" /></a>
!https://pyup.io/repos/github/tiagocordeiro/pizza_scrapy/python-3-shield.svg(Python 3)!:https://pyup.io/repos/github/tiagocordeiro/pizza_scrapy/
{<img src="https://pyup.io/repos/github/tiagocordeiro/pizza_scrapy/python-3-shield.svg" alt="Python 3" />}[https://pyup.io/repos/github/tiagocordeiro/pizza_scrapy/]
https://pyup.io/repos/github/tiagocordeiro/pizza_scrapy/shield.svg
[![Updates](https://pyup.io/repos/github/tiagocordeiro/pizza_scrapy/shield.svg)](https://pyup.io/repos/github/tiagocordeiro/pizza_scrapy/)
.. image:: https://pyup.io/repos/github/tiagocordeiro/pizza_scrapy/shield.svg :target: https://pyup.io/repos/github/tiagocordeiro/pizza_scrapy/ :alt: Updates
<a href="https://pyup.io/repos/github/tiagocordeiro/pizza_scrapy/"><img src="https://pyup.io/repos/github/tiagocordeiro/pizza_scrapy/shield.svg" alt="Updates" /></a>
!https://pyup.io/repos/github/tiagocordeiro/pizza_scrapy/shield.svg(Updates)!:https://pyup.io/repos/github/tiagocordeiro/pizza_scrapy/
{<img src="https://pyup.io/repos/github/tiagocordeiro/pizza_scrapy/shield.svg" alt="Updates" />}[https://pyup.io/repos/github/tiagocordeiro/pizza_scrapy/]