PT-2018-3994 · Python+6 · Urllib3+6

Kyoshidajpo

Publicado

2018-12-29

Atualizado

2026-06-03

CVE-2018-25091

CVSS v2.0

6.4

Média

Vetor

AV:N/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions urllib3 versions prior to 1.24.2

Description The issue is related to the use of open redirects in the Urllib3 HTTP library for Python. Exploitation of this issue can allow a remote attacker to access and compromise confidential data. Specifically, when following a cross-origin redirect, the library does not remove the authorization HTTP header, potentially exposing credentials to unintended hosts or transmitting them in cleartext.

Recommendations For versions prior to 1.24.2, update to version 1.24.2 or later to resolve the issue. As a temporary workaround, consider disabling the use of cross-origin redirects until a patch is available. Restrict access to sensitive data and credentials to minimize the risk of exploitation.

Correção

Open Redirect

Information Disclosure

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-601CWE-200

Identificadores relacionados

BDU:2024-09054

CESA-2024_2988

CVE-2018-25091

DLA-3610-1

GHSA-GWVM-45GX-3CF8

INFSA-2024_2988

PYSEC-2023-207

RHSA-2024:2988

RHSA-2024_2988

SUSE-SU-2023:4352-1

USN-6473-1

USN-6473-2

Produtos afetados

Astra Linux

Centos

Linuxmint

Red Hat

Rocky Linux

Ubuntu

Urllib3

PT-2018-3994 · Python+6 · Urllib3+6

CVE-2018-25091

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 40