INFSA-2024:8842: python3.12-urllib3 security update
Information about definition
Identificator: INFSA-2024:8842
Type: security
Release date: 2024-11-12 06:44:19 UTC
Information about package
urllib3 is a powerful, user-friendly HTTP client for Python. urllib3 brings many critical features that are missing from the Python standard libraries: • Thread safety. • Connection pooling. • Client-side SSL/TLS verification. • File uploads with multipart encoding. • Helpers for retrying requests and dealing with HTTP redirects. • Support for gzip, deflate, brotli, and zstd encoding. • Proxy support for HTTP and SOCKS. • 100% test coverage.
Vulnerabilities description
- CVE-2024-37891
A flaw was found in urllib3, an HTTP client library for Python. In certain configurations, urllib3 does not treat the Proxy-Authorization HTTP header as one carrying authentication material. This issue results in not stripping the header on cross-origin redirects.
Severity level
| CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
|---|---|---|---|
|
NIST — CVE-2024-37891
|
no information | 4.4 | no information |
Updated packages