PyPI: Urllib3

CVE-2023-43804

Safety vulnerability ID: 61601

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Oct 04, 2023 Updated at Mar 29, 2024

Advisory

Urllib3 1.26.17 and 2.0.5 include a fix for CVE-2023-43804: Urllib3 doesn't treat the 'Cookie' HTTP header specially or provide any helpers for managing cookies over HTTP; that is the responsibility of the user. However, it is possible for a user to specify a 'Cookie' header and unknowingly leak information via HTTP redirects to a different origin if that user doesn't disable redirects explicitly.
https://github.com/urllib3/urllib3/security/advisories/GHSA-v845-jxx5-vc9f
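The leak described above happens when a caller attaches a Cookie (or Authorization) header to a request and the client follows a redirect to a different origin with the same headers. The stdlib-only snippet below is an added illustration, not urllib3's own code: it models the origin check a client should apply before forwarding a redirect, strips the sensitive headers only when the origin (scheme, host, port) changes, and walks a constructed redirect chain so the effect is visible hop by hop. The header names, sample URLs and header values are constructed for the example; the actual urllib3 fix adds Cookie to the library's default list of headers removed on cross-origin redirects, and the advisory's other mitigation is to disable redirects explicitly in the caller.

```python
from urllib.parse import urljoin, urlsplit

# Constructed sample: headers a caller might attach to the first request.
SAMPLE_HEADERS = {
    "Cookie": "session=constructed-example-value",
    "Authorization": "Bearer constructed-example-token",
    "User-Agent": "example-client/1.0",
}

# Headers that must not follow a redirect to a different origin.
# (Assumption for this example: modelled on the library default that the
# fixed releases extend to include Cookie next to Authorization.)
REMOVE_ON_CROSS_ORIGIN_REDIRECT = frozenset({"cookie", "authorization"})

DEFAULT_PORTS = {"http": 80, "https": 443}


def origin(url):
    """Return (scheme, host, port) for a URL, filling in the default port."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    port = parts.port if parts.port is not None else DEFAULT_PORTS.get(scheme)
    return (scheme, host, port)


def is_same_origin(request_url, redirect_location):
    """True if the Location (possibly relative) stays on the request's origin.

    A scheme downgrade (https -> http) or a port change counts as a different
    origin, so cookies are not replayed over a weaker channel either.
    """
    resolved = urljoin(request_url, redirect_location)
    return origin(request_url) == origin(resolved)


def headers_for_redirect(headers, request_url, redirect_location):
    """Headers that are safe to send when following redirect_location.

    Same-origin redirects keep everything; cross-origin redirects drop the
    credential-bearing headers and keep the rest (User-Agent, Accept, ...).
    """
    if is_same_origin(request_url, redirect_location):
        return dict(headers)
    return {
        name: value
        for name, value in headers.items()
        if name.lower() not in REMOVE_ON_CROSS_ORIGIN_REDIRECT
    }


def follow_redirect_chain(headers, request_url, locations):
    """Simulate a chain of Location headers without any network access.

    Returns a list of (resolved_url, headers_sent) per hop, so a reviewer can
    see exactly where the Cookie header stops travelling.
    """
    hops = []
    current_url = request_url
    current_headers = dict(headers)
    for location in locations:
        resolved = urljoin(current_url, location)
        current_headers = headers_for_redirect(current_headers, current_url, location)
        hops.append((resolved, current_headers))
        current_url = resolved
    return hops


if __name__ == "__main__":
    chain = ["/step1", "https://cdn.example.org/final"]
    for url, sent in follow_redirect_chain(SAMPLE_HEADERS, "https://api.example.com/login", chain):
        print(url, "->", sorted(sent))
```

The check compares the full origin rather than just the hostname, which is the conservative choice: a redirect from https://api.example.com to http://api.example.com keeps the host but would replay the cookie in cleartext. Callers who do not need redirects at all can avoid the question entirely by turning them off, as the advisory recommends.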

Affected package

urllib3

Latest version: 2.2.1

HTTP library with thread-safe connection pooling, file post, and more.

Affected versions

Fixed versions

Vulnerability changelog

urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the `Cookie` HTTP header specially or provide any helpers for managing cookies over HTTP; that is the responsibility of the user. However, it is possible for a user to specify a `Cookie` header and unknowingly leak information via HTTP redirects to a different origin if that user doesn't disable redirects explicitly. This issue has been patched in urllib3 versions 1.26.17 and 2.0.5. See CVE-2023-43804.

References:

- https://github.com/urllib3/urllib3/commit/01220354d389cd05474713f8c982d05c9b17aafb
- https://github.com/urllib3/urllib3/commit/644124ecd0b6e417c527191f866daa05a5a2056d
- https://github.com/urllib3/urllib3/security/advisories/GHSA-v845-jxx5-vc9f


Severity Details

CVSS Base Score

HIGH 8.1

CVSS v3 Details

HIGH 8.1

Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): LOW
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality Impact (C): HIGH
Integrity Impact (I): HIGH
Availability Impact (A): NONE