INFSA-2024:5309: python-urllib3 security update

Information about definition

Identifier: INFSA-2024:5309

Type: security

Release date: 2024-08-27 10:07:33 UTC

Information about package

The python-urllib3 package provides the Python HTTP module with connection pooling and file POST abilities.

Vulnerabilities description

  • CVE-2024-37891

    A flaw was found in urllib3, an HTTP client library for Python. In certain configurations, urllib3 does not treat the Proxy-Authorization HTTP header as one carrying authentication material. This issue results in not stripping the header on cross-origin redirects.
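The following is an added example, not code from this advisory or from the urllib3 project. It models the cross-origin redirect check with a strip list that omits Proxy-Authorization and one that includes it. The header sets, URLs and credential values are constructed, and `hardened_retry()` assumes an installed urllib3 whose `Retry` class accepts `remove_headers_on_redirect`.

```python
from urllib.parse import urlsplit

# Constructed strip lists for the model: "before" omits Proxy-Authorization
# (the behaviour the advisory describes), "after" includes it.
STRIP_BEFORE = frozenset({"authorization"})
STRIP_AFTER = STRIP_BEFORE | {"proxy-authorization"}
SENSITIVE = frozenset({"authorization", "proxy-authorization"})
_DEFAULT_PORTS = {"http": 80, "https": 443}


def origin(url):
    """Return (scheme, host, port), filling in the scheme's default port."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    return scheme, host, parts.port or _DEFAULT_PORTS.get(scheme)


def headers_after_redirect(headers, from_url, to_url, strip):
    """Headers a client forwards to to_url after being redirected from from_url."""
    if origin(from_url) == origin(to_url):
        return dict(headers)  # same origin: nothing is stripped
    # Cross-origin: drop every header named in the strip list (case-insensitive).
    return {k: v for k, v in headers.items() if k.lower() not in strip}


def leaked_credentials(headers, from_url, to_url, strip):
    """Names of credential headers that still reach the redirect target."""
    sent = headers_after_redirect(headers, from_url, to_url, strip)
    return sorted(k for k in sent if k.lower() in SENSITIVE)


def hardened_retry():
    """Retry policy that strips Proxy-Authorization whatever the installed default is."""
    from urllib3.util.retry import Retry  # lazy import: requires urllib3
    names = set(Retry.DEFAULT_REMOVE_HEADERS_ON_REDIRECT) | {"Proxy-Authorization"}
    return Retry(remove_headers_on_redirect=names)


# Constructed sample request and redirect target.
SAMPLE_HEADERS = {
    "Proxy-Authorization": "Basic constructed-value",
    "Authorization": "Bearer constructed-value",
    "Accept": "*/*",
}
SRC = "http://app.example.test/start"
DST = "http://other.example.test/landing"
```

Until the updated package is installed, a client can pass `retries=hardened_retry()` to its `PoolManager` or individual requests.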

Severity level

CVE: CVE-2024-37891
Score CVSS 2.0: no information
Score CVSS 3.x: 4.4
Score CVSS 4.0: no information

Critical, important, moderate, low

Updated packages