Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/python-urllib3@1.26.5-1~exp1%2Bdeb11u1?distro=trixie
Type deb
Namespace debian
Name python-urllib3
Version 1.26.5-1~exp1+deb11u1
Qualifiers
distro trixie
Subpath
Is_vulnerable false
Next_non_vulnerable_version 1.26.5-1~exp1+deb11u2
Latest_non_vulnerable_version 2.6.3-2
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-4evk-srqq-fuef
vulnerability_id VCID-4evk-srqq-fuef
summary urllib3 is a user-friendly HTTP client library for Python. urllib3 previously wouldn't remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303 after the request had its method changed from one that could accept a request body (like `POST`) to `GET` as is required by HTTP RFCs. Although this behavior is not specified in the section for redirects, it can be inferred by piecing together information from different sections and we have observed the behavior in other major HTTP client implementations like curl and web browsers. Because the vulnerability requires a previously trusted service to become compromised in order to have an impact on confidentiality we believe the exploitability of this vulnerability is low. Additionally, many users aren't putting sensitive data in HTTP request bodies, if this is the case then this vulnerability isn't exploitable. Both of the following conditions must be true to be affected by this vulnerability: 1. Using urllib3 and submitting sensitive information in the HTTP request body (such as form data or JSON) and 2. The origin service is compromised and starts redirecting using 301, 302, or 303 to a malicious peer or the redirected-to service becomes compromised. This issue has been addressed in versions 1.26.18 and 2.0.7 and users are advised to update to resolve this issue. Users unable to update should disable redirects for services that aren't expecting to respond with redirects with `redirects=False` and disable automatic redirects with `redirects=False` and handle 301, 302, and 303 redirects manually by stripping the HTTP request body.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45803.json
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45803.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-45803
reference_id
reference_type
scores
0
value 0.00051
scoring_system epss
scoring_elements 0.15893
published_at 2026-04-12T12:55:00Z
1
value 0.00051
scoring_system epss
scoring_elements 0.15954
published_at 2026-04-09T12:55:00Z
2
value 0.00051
scoring_system epss
scoring_elements 0.15818
published_at 2026-04-26T12:55:00Z
3
value 0.00051
scoring_system epss
scoring_elements 0.15944
published_at 2026-04-02T12:55:00Z
4
value 0.00051
scoring_system epss
scoring_elements 0.15821
published_at 2026-04-24T12:55:00Z
5
value 0.00051
scoring_system epss
scoring_elements 0.158
published_at 2026-04-21T12:55:00Z
6
value 0.00051
scoring_system epss
scoring_elements 0.15757
published_at 2026-04-18T12:55:00Z
7
value 0.00051
scoring_system epss
scoring_elements 0.15748
published_at 2026-04-16T12:55:00Z
8
value 0.00051
scoring_system epss
scoring_elements 0.15824
published_at 2026-04-13T12:55:00Z
9
value 0.00051
scoring_system epss
scoring_elements 0.15931
published_at 2026-04-11T12:55:00Z
10
value 0.00051
scoring_system epss
scoring_elements 0.16009
published_at 2026-04-04T12:55:00Z
11
value 0.00051
scoring_system epss
scoring_elements 0.15807
published_at 2026-04-07T12:55:00Z
12
value 0.00056
scoring_system epss
scoring_elements 0.17338
published_at 2026-04-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-45803
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45803
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45803
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/urllib3/PYSEC-2023-212.yaml
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value 5.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/urllib3/PYSEC-2023-212.yaml
5
reference_url https://github.com/urllib3/urllib3
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value 5.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/urllib3/urllib3
6
reference_url https://github.com/urllib3/urllib3/commit/4e50fbc5db74e32cabd5ccc1ab81fc103adfe0b3
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value 5.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/urllib3/urllib3/commit/4e50fbc5db74e32cabd5ccc1ab81fc103adfe0b3
7
reference_url https://github.com/urllib3/urllib3/commit/4e98d57809dacab1cbe625fddeec1a290c478ea9
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value 5.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-13T15:56:19Z/
url https://github.com/urllib3/urllib3/commit/4e98d57809dacab1cbe625fddeec1a290c478ea9
8
reference_url https://github.com/urllib3/urllib3/commit/b594c5ceaca38e1ac215f916538fb128e3526a36
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value 5.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/urllib3/urllib3/commit/b594c5ceaca38e1ac215f916538fb128e3526a36
9
reference_url https://github.com/urllib3/urllib3/releases/tag/1.26.18
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value 5.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/urllib3/urllib3/releases/tag/1.26.18
10
reference_url https://github.com/urllib3/urllib3/releases/tag/2.0.7
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value 5.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/urllib3/urllib3/releases/tag/2.0.7
11
reference_url https://github.com/urllib3/urllib3/security/advisories/GHSA-g4mx-q9vg-27p4
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 5.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-13T15:56:19Z/
url https://github.com/urllib3/urllib3/security/advisories/GHSA-g4mx-q9vg-27p4
12
reference_url https://lists.debian.org/debian-lts-announce/2024/12/msg00020.html
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value 5.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2024/12/msg00020.html
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4R2Y5XK3WALSR3FNAGN7JBYV2B343ZKB
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value 5.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4R2Y5XK3WALSR3FNAGN7JBYV2B343ZKB
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5F5CUBAN5XMEBVBZPHFITBLMJV5FIJJ5
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value 5.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5F5CUBAN5XMEBVBZPHFITBLMJV5FIJJ5
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PPDPLM6UUMN55ESPQWJFLLIZY4ZKCNRX
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value 5.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PPDPLM6UUMN55ESPQWJFLLIZY4ZKCNRX
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PPDPLM6UUMN55ESPQWJFLLIZY4ZKCNRX/
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-13T15:56:19Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PPDPLM6UUMN55ESPQWJFLLIZY4ZKCNRX/
17
reference_url https://www.rfc-editor.org/rfc/rfc9110.html#name-get
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value 5.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-13T15:56:19Z/
url https://www.rfc-editor.org/rfc/rfc9110.html#name-get
18
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054226
reference_id 1054226
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054226
19
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2246840
reference_id 2246840
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2246840
20
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4R2Y5XK3WALSR3FNAGN7JBYV2B343ZKB/
reference_id 4R2Y5XK3WALSR3FNAGN7JBYV2B343ZKB
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-13T15:56:19Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4R2Y5XK3WALSR3FNAGN7JBYV2B343ZKB/
21
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5F5CUBAN5XMEBVBZPHFITBLMJV5FIJJ5/
reference_id 5F5CUBAN5XMEBVBZPHFITBLMJV5FIJJ5
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-13T15:56:19Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5F5CUBAN5XMEBVBZPHFITBLMJV5FIJJ5/
22
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-45803
reference_id CVE-2023-45803
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value 5.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-45803
23
reference_url https://github.com/advisories/GHSA-g4mx-q9vg-27p4
reference_id GHSA-g4mx-q9vg-27p4
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-g4mx-q9vg-27p4
24
reference_url https://access.redhat.com/errata/RHSA-2023:7851
reference_id RHSA-2023:7851
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7851
25
reference_url https://access.redhat.com/errata/RHSA-2024:0116
reference_id RHSA-2024:0116
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0116
26
reference_url https://access.redhat.com/errata/RHSA-2024:0300
reference_id RHSA-2024:0300
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0300
27
reference_url https://access.redhat.com/errata/RHSA-2024:0464
reference_id RHSA-2024:0464
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0464
28
reference_url https://access.redhat.com/errata/RHSA-2024:0588
reference_id RHSA-2024:0588
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0588
29
reference_url https://access.redhat.com/errata/RHSA-2024:11189
reference_id RHSA-2024:11189
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:11189
30
reference_url https://access.redhat.com/errata/RHSA-2024:11238
reference_id RHSA-2024:11238
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:11238
31
reference_url https://access.redhat.com/errata/RHSA-2024:1155
reference_id RHSA-2024:1155
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1155
32
reference_url https://access.redhat.com/errata/RHSA-2024:1383
reference_id RHSA-2024:1383
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1383
33
reference_url https://access.redhat.com/errata/RHSA-2024:2132
reference_id RHSA-2024:2132
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2132
34
reference_url https://access.redhat.com/errata/RHSA-2024:2734
reference_id RHSA-2024:2734
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2734
35
reference_url https://access.redhat.com/errata/RHSA-2024:2952
reference_id RHSA-2024:2952
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2952
36
reference_url https://access.redhat.com/errata/RHSA-2024:2968
reference_id RHSA-2024:2968
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2968
37
reference_url https://access.redhat.com/errata/RHSA-2024:2988
reference_id RHSA-2024:2988
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2988
38
reference_url https://access.redhat.com/errata/RHSA-2025:0078
reference_id RHSA-2025:0078
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0078
39
reference_url https://access.redhat.com/errata/RHSA-2025:1793
reference_id RHSA-2025:1793
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1793
40
reference_url https://access.redhat.com/errata/RHSA-2025:1813
reference_id RHSA-2025:1813
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1813
41
reference_url https://usn.ubuntu.com/6473-1/
reference_id USN-6473-1
reference_type
scores
url https://usn.ubuntu.com/6473-1/
42
reference_url https://usn.ubuntu.com/6473-2/
reference_id USN-6473-2
reference_type
scores
url https://usn.ubuntu.com/6473-2/
43
reference_url https://usn.ubuntu.com/7762-1/
reference_id USN-7762-1
reference_type
scores
url https://usn.ubuntu.com/7762-1/
fixed_packages
0
url pkg:deb/debian/python-urllib3@1.26.5-1~exp1?distro=trixie
purl pkg:deb/debian/python-urllib3@1.26.5-1~exp1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-zevs-1ge5-y7g7
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-urllib3@1.26.5-1~exp1%3Fdistro=trixie
1
url pkg:deb/debian/python-urllib3@1.26.5-1~exp1%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/python-urllib3@1.26.5-1~exp1%2Bdeb11u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-urllib3@1.26.5-1~exp1%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/python-urllib3@1.26.12-1%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/python-urllib3@1.26.12-1%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-zevs-1ge5-y7g7
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-urllib3@1.26.12-1%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/python-urllib3@1.26.18-1?distro=trixie
purl pkg:deb/debian/python-urllib3@1.26.18-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-urllib3@1.26.18-1%3Fdistro=trixie
4
url pkg:deb/debian/python-urllib3@2.3.0-3%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/python-urllib3@2.3.0-3%2Bdeb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-zevs-1ge5-y7g7
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-urllib3@2.3.0-3%252Bdeb13u1%3Fdistro=trixie
5
url pkg:deb/debian/python-urllib3@2.6.3-2?distro=trixie
purl pkg:deb/debian/python-urllib3@2.6.3-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-urllib3@2.6.3-2%3Fdistro=trixie
aliases CVE-2023-45803, GHSA-g4mx-q9vg-27p4, PYSEC-2023-212
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4evk-srqq-fuef
1
url VCID-5tkp-pxz9-h7c2
vulnerability_id VCID-5tkp-pxz9-h7c2
summary
urllib3's Proxy-Authorization request header isn't stripped during cross-origin redirects
When using urllib3's proxy support with `ProxyManager`, the `Proxy-Authorization` header is only sent to the configured proxy, as expected.

However, when sending HTTP requests *without* using urllib3's proxy support, it's possible to accidentally configure the `Proxy-Authorization` header even though it won't have any effect as the request is not using a forwarding proxy or a tunneling proxy. In those cases, urllib3 doesn't treat the `Proxy-Authorization` HTTP header as one carrying authentication material and thus doesn't strip the header on cross-origin redirects.

Because this is a highly unlikely scenario, we believe the severity of this vulnerability is low for almost all users. Out of an abundance of caution urllib3 will automatically strip the `Proxy-Authorization` header during cross-origin redirects to avoid the small chance that users are doing this on accident.

Users should use urllib3's proxy support or disable automatic redirects to achieve safe processing of the `Proxy-Authorization` header, but we still decided to strip the header by default in order to further protect users who aren't using the correct approach.

## Affected usages

We believe the number of usages affected by this advisory is low. It requires all of the following to be true to be exploited:

* Setting the `Proxy-Authorization` header without using urllib3's built-in proxy support.
* Not disabling HTTP redirects.
* Either not using an HTTPS origin server or for the proxy or target origin to redirect to a malicious origin.

## Remediation

* Using the `Proxy-Authorization` header with urllib3's `ProxyManager`.
* Disabling HTTP redirects using `redirects=False` when sending requests.
* Not using the `Proxy-Authorization` header.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-37891.json
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-37891.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-37891
reference_id
reference_type
scores
0
value 0.00256
scoring_system epss
scoring_elements 0.48966
published_at 2026-04-12T12:55:00Z
1
value 0.00256
scoring_system epss
scoring_elements 0.49016
published_at 2026-04-18T12:55:00Z
2
value 0.00256
scoring_system epss
scoring_elements 0.4902
published_at 2026-04-16T12:55:00Z
3
value 0.00256
scoring_system epss
scoring_elements 0.48973
published_at 2026-04-13T12:55:00Z
4
value 0.00256
scoring_system epss
scoring_elements 0.48992
published_at 2026-04-11T12:55:00Z
5
value 0.00256
scoring_system epss
scoring_elements 0.48975
published_at 2026-04-09T12:55:00Z
6
value 0.00256
scoring_system epss
scoring_elements 0.48978
published_at 2026-04-08T12:55:00Z
7
value 0.00256
scoring_system epss
scoring_elements 0.48924
published_at 2026-04-07T12:55:00Z
8
value 0.00263
scoring_system epss
scoring_elements 0.49666
published_at 2026-04-29T12:55:00Z
9
value 0.00263
scoring_system epss
scoring_elements 0.497
published_at 2026-04-24T12:55:00Z
10
value 0.00263
scoring_system epss
scoring_elements 0.4971
published_at 2026-04-21T12:55:00Z
11
value 0.00263
scoring_system epss
scoring_elements 0.49709
published_at 2026-04-26T12:55:00Z
12
value 0.00263
scoring_system epss
scoring_elements 0.49702
published_at 2026-04-04T12:55:00Z
13
value 0.00263
scoring_system epss
scoring_elements 0.49674
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-37891
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37891
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37891
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/urllib3/urllib3
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/urllib3/urllib3
5
reference_url https://github.com/urllib3/urllib3/commit/40b6d1605814dd1db0a46e202d6e56f2e4c9a468
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/urllib3/urllib3/commit/40b6d1605814dd1db0a46e202d6e56f2e4c9a468
6
reference_url https://github.com/urllib3/urllib3/commit/accff72ecc2f6cf5a76d9570198a93ac7c90270e
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-18T13:49:45Z/
url https://github.com/urllib3/urllib3/commit/accff72ecc2f6cf5a76d9570198a93ac7c90270e
7
reference_url https://github.com/urllib3/urllib3/security/advisories/GHSA-34jh-p97f-mpxf
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-18T13:49:45Z/
url https://github.com/urllib3/urllib3/security/advisories/GHSA-34jh-p97f-mpxf
8
reference_url https://lists.debian.org/debian-lts-announce/2024/12/msg00020.html
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2024/12/msg00020.html
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-37891
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-37891
10
reference_url https://security.netapp.com/advisory/ntap-20240822-0003
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20240822-0003
11
reference_url https://www.vicarius.io/vsociety/posts/proxy-authorization-header-handling-vulnerability-in-urllib3-cve-2024-37891
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.vicarius.io/vsociety/posts/proxy-authorization-header-handling-vulnerability-in-urllib3-cve-2024-37891
12
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074149
reference_id 1074149
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074149
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2292788
reference_id 2292788
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2292788
14
reference_url https://github.com/advisories/GHSA-34jh-p97f-mpxf
reference_id GHSA-34jh-p97f-mpxf
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-34jh-p97f-mpxf
15
reference_url https://access.redhat.com/errata/RHSA-2024:4422
reference_id RHSA-2024:4422
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4422
16
reference_url https://access.redhat.com/errata/RHSA-2024:4730
reference_id RHSA-2024:4730
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4730
17
reference_url https://access.redhat.com/errata/RHSA-2024:4744
reference_id RHSA-2024:4744
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4744
18
reference_url https://access.redhat.com/errata/RHSA-2024:4746
reference_id RHSA-2024:4746
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4746
19
reference_url https://access.redhat.com/errata/RHSA-2024:5041
reference_id RHSA-2024:5041
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5041
20
reference_url https://access.redhat.com/errata/RHSA-2024:5309
reference_id RHSA-2024:5309
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5309
21
reference_url https://access.redhat.com/errata/RHSA-2024:5526
reference_id RHSA-2024:5526
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5526
22
reference_url https://access.redhat.com/errata/RHSA-2024:5622
reference_id RHSA-2024:5622
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5622
23
reference_url https://access.redhat.com/errata/RHSA-2024:5627
reference_id RHSA-2024:5627
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5627
24
reference_url https://access.redhat.com/errata/RHSA-2024:5633
reference_id RHSA-2024:5633
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5633
25
reference_url https://access.redhat.com/errata/RHSA-2024:6162
reference_id RHSA-2024:6162
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:6162
26
reference_url https://access.redhat.com/errata/RHSA-2024:6239
reference_id RHSA-2024:6239
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:6239
27
reference_url https://access.redhat.com/errata/RHSA-2024:6240
reference_id RHSA-2024:6240
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:6240
28
reference_url https://access.redhat.com/errata/RHSA-2024:6309
reference_id RHSA-2024:6309
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:6309
29
reference_url https://access.redhat.com/errata/RHSA-2024:6310
reference_id RHSA-2024:6310
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:6310
30
reference_url https://access.redhat.com/errata/RHSA-2024:6311
reference_id RHSA-2024:6311
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:6311
31
reference_url https://access.redhat.com/errata/RHSA-2024:6358
reference_id RHSA-2024:6358
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:6358
32
reference_url https://access.redhat.com/errata/RHSA-2024:7312
reference_id RHSA-2024:7312
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:7312
33
reference_url https://access.redhat.com/errata/RHSA-2024:8035
reference_id RHSA-2024:8035
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:8035
34
reference_url https://access.redhat.com/errata/RHSA-2024:8842
reference_id RHSA-2024:8842
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:8842
35
reference_url https://access.redhat.com/errata/RHSA-2024:8843
reference_id RHSA-2024:8843
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:8843
36
reference_url https://access.redhat.com/errata/RHSA-2024:8906
reference_id RHSA-2024:8906
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:8906
37
reference_url https://access.redhat.com/errata/RHSA-2024:9457
reference_id RHSA-2024:9457
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:9457
38
reference_url https://access.redhat.com/errata/RHSA-2024:9458
reference_id RHSA-2024:9458
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:9458
39
reference_url https://access.redhat.com/errata/RHSA-2024:9922
reference_id RHSA-2024:9922
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:9922
40
reference_url https://access.redhat.com/errata/RHSA-2024:9923
reference_id RHSA-2024:9923
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:9923
41
reference_url https://access.redhat.com/errata/RHSA-2024:9985
reference_id RHSA-2024:9985
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:9985
42
reference_url https://usn.ubuntu.com/7084-1/
reference_id USN-7084-1
reference_type
scores
url https://usn.ubuntu.com/7084-1/
43
reference_url https://usn.ubuntu.com/7084-2/
reference_id USN-7084-2
reference_type
scores
url https://usn.ubuntu.com/7084-2/
fixed_packages
0
url pkg:deb/debian/python-urllib3@1.26.5-1~exp1?distro=trixie
purl pkg:deb/debian/python-urllib3@1.26.5-1~exp1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-zevs-1ge5-y7g7
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-urllib3@1.26.5-1~exp1%3Fdistro=trixie
1
url pkg:deb/debian/python-urllib3@1.26.5-1~exp1%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/python-urllib3@1.26.5-1~exp1%2Bdeb11u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-urllib3@1.26.5-1~exp1%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/python-urllib3@1.26.12-1%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/python-urllib3@1.26.12-1%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-zevs-1ge5-y7g7
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-urllib3@1.26.12-1%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/python-urllib3@2.2.3-3?distro=trixie
purl pkg:deb/debian/python-urllib3@2.2.3-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-urllib3@2.2.3-3%3Fdistro=trixie
4
url pkg:deb/debian/python-urllib3@2.3.0-3%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/python-urllib3@2.3.0-3%2Bdeb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-zevs-1ge5-y7g7
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-urllib3@2.3.0-3%252Bdeb13u1%3Fdistro=trixie
5
url pkg:deb/debian/python-urllib3@2.6.3-2?distro=trixie
purl pkg:deb/debian/python-urllib3@2.6.3-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-urllib3@2.6.3-2%3Fdistro=trixie
aliases CVE-2024-37891, GHSA-34jh-p97f-mpxf
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5tkp-pxz9-h7c2
2
url VCID-969r-9mvk-uyh4
vulnerability_id VCID-969r-9mvk-uyh4
summary urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the `Cookie` HTTP header specially or provide any helpers for managing cookies over HTTP; that is the responsibility of the user. However, it is possible for a user to specify a `Cookie` header and unknowingly leak information via HTTP redirects to a different origin if that user doesn't disable redirects explicitly. This issue has been patched in urllib3 version 1.26.17 or 2.0.5.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-43804.json
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-43804.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-43804
reference_id
reference_type
scores
0
value 0.00867
scoring_system epss
scoring_elements 0.75148
published_at 2026-04-13T12:55:00Z
1
value 0.00867
scoring_system epss
scoring_elements 0.75107
published_at 2026-04-02T12:55:00Z
2
value 0.00867
scoring_system epss
scoring_elements 0.75182
published_at 2026-04-11T12:55:00Z
3
value 0.00867
scoring_system epss
scoring_elements 0.7516
published_at 2026-04-12T12:55:00Z
4
value 0.00867
scoring_system epss
scoring_elements 0.75136
published_at 2026-04-04T12:55:00Z
5
value 0.00867
scoring_system epss
scoring_elements 0.75114
published_at 2026-04-07T12:55:00Z
6
value 0.0095
scoring_system epss
scoring_elements 0.76412
published_at 2026-04-18T12:55:00Z
7
value 0.0095
scoring_system epss
scoring_elements 0.76451
published_at 2026-04-29T12:55:00Z
8
value 0.0095
scoring_system epss
scoring_elements 0.76437
published_at 2026-04-26T12:55:00Z
9
value 0.0095
scoring_system epss
scoring_elements 0.76405
published_at 2026-04-16T12:55:00Z
10
value 0.0095
scoring_system epss
scoring_elements 0.76431
published_at 2026-04-24T12:55:00Z
11
value 0.0095
scoring_system epss
scoring_elements 0.76396
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-43804
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43804
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43804
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/urllib3/PYSEC-2023-192.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value 7.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/urllib3/PYSEC-2023-192.yaml
5
reference_url https://github.com/urllib3/urllib3
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value 7.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/urllib3/urllib3
6
reference_url https://github.com/urllib3/urllib3/commit/01220354d389cd05474713f8c982d05c9b17aafb
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
2
value 7.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/urllib3/urllib3/commit/01220354d389cd05474713f8c982d05c9b17aafb
7
reference_url https://github.com/urllib3/urllib3/commit/644124ecd0b6e417c527191f866daa05a5a2056d
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
2
value 7.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/urllib3/urllib3/commit/644124ecd0b6e417c527191f866daa05a5a2056d
8
reference_url https://github.com/urllib3/urllib3/security/advisories/GHSA-v845-jxx5-vc9f
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
2
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
3
value 7.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
4
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/urllib3/urllib3/security/advisories/GHSA-v845-jxx5-vc9f
9
reference_url https://lists.debian.org/debian-lts-announce/2023/10/msg00012.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
2
value 7.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2023/10/msg00012.html
10
reference_url https://lists.debian.org/debian-lts-announce/2024/12/msg00020.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value 7.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2024/12/msg00020.html
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5F5CUBAN5XMEBVBZPHFITBLMJV5FIJJ5
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value 7.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5F5CUBAN5XMEBVBZPHFITBLMJV5FIJJ5
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I3PR7C6RJ6JUBQKIJ644DMIJSUP36VDY
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value 7.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I3PR7C6RJ6JUBQKIJ644DMIJSUP36VDY
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NDAGZXYJ7H2G3SB47M453VQVNAWKAEJJ
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value 7.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NDAGZXYJ7H2G3SB47M453VQVNAWKAEJJ
14
reference_url https://security.netapp.com/advisory/ntap-20241213-0007
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value 7.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20241213-0007
15
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053626
reference_id 1053626
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053626
16
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2242493
reference_id 2242493
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2242493
17
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-43804
reference_id CVE-2023-43804
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value 7.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-43804
18
reference_url https://www.vicarius.io/vsociety/posts/cve-2023-43804-urllib3-vulnerability-3
reference_id CVE-2023-43804-URLLIB3-VULNERABILITY-3
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value 7.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.vicarius.io/vsociety/posts/cve-2023-43804-urllib3-vulnerability-3
19
reference_url https://github.com/advisories/GHSA-v845-jxx5-vc9f
reference_id GHSA-v845-jxx5-vc9f
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-v845-jxx5-vc9f
20
reference_url https://access.redhat.com/errata/RHSA-2023:6158
reference_id RHSA-2023:6158
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6158
21
reference_url https://access.redhat.com/errata/RHSA-2023:6812
reference_id RHSA-2023:6812
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6812
22
reference_url https://access.redhat.com/errata/RHSA-2023:7378
reference_id RHSA-2023:7378
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7378
23
reference_url https://access.redhat.com/errata/RHSA-2023:7385
reference_id RHSA-2023:7385
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7385
24
reference_url https://access.redhat.com/errata/RHSA-2023:7407
reference_id RHSA-2023:7407
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7407
25
reference_url https://access.redhat.com/errata/RHSA-2023:7435
reference_id RHSA-2023:7435
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7435
26
reference_url https://access.redhat.com/errata/RHSA-2023:7523
reference_id RHSA-2023:7523
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7523
27
reference_url https://access.redhat.com/errata/RHSA-2023:7528
reference_id RHSA-2023:7528
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7528
28
reference_url https://access.redhat.com/errata/RHSA-2023:7753
reference_id RHSA-2023:7753
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7753
29
reference_url https://access.redhat.com/errata/RHSA-2023:7851
reference_id RHSA-2023:7851
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7851
30
reference_url https://access.redhat.com/errata/RHSA-2024:0116
reference_id RHSA-2024:0116
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0116
31
reference_url https://access.redhat.com/errata/RHSA-2024:0133
reference_id RHSA-2024:0133
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0133
32
reference_url https://access.redhat.com/errata/RHSA-2024:0187
reference_id RHSA-2024:0187
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0187
33
reference_url https://access.redhat.com/errata/RHSA-2024:0300
reference_id RHSA-2024:0300
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0300
34
reference_url https://access.redhat.com/errata/RHSA-2024:0464
reference_id RHSA-2024:0464
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0464
35
reference_url https://access.redhat.com/errata/RHSA-2024:0588
reference_id RHSA-2024:0588
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0588
36
reference_url https://access.redhat.com/errata/RHSA-2024:1383
reference_id RHSA-2024:1383
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1383
37
reference_url https://access.redhat.com/errata/RHSA-2024:2159
reference_id RHSA-2024:2159
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2159
38
reference_url https://access.redhat.com/errata/RHSA-2024:2985
reference_id RHSA-2024:2985
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2985
39
reference_url https://access.redhat.com/errata/RHSA-2024:2986
reference_id RHSA-2024:2986
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2986
40
reference_url https://access.redhat.com/errata/RHSA-2024:2987
reference_id RHSA-2024:2987
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2987
41
reference_url https://usn.ubuntu.com/6473-1/
reference_id USN-6473-1
reference_type
scores
url https://usn.ubuntu.com/6473-1/
42
reference_url https://usn.ubuntu.com/6473-2/
reference_id USN-6473-2
reference_type
scores
url https://usn.ubuntu.com/6473-2/
fixed_packages
0
url pkg:deb/debian/python-urllib3@1.26.5-1~exp1?distro=trixie
purl pkg:deb/debian/python-urllib3@1.26.5-1~exp1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-zevs-1ge5-y7g7
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-urllib3@1.26.5-1~exp1%3Fdistro=trixie
1
url pkg:deb/debian/python-urllib3@1.26.5-1~exp1%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/python-urllib3@1.26.5-1~exp1%2Bdeb11u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-urllib3@1.26.5-1~exp1%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/python-urllib3@1.26.12-1%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/python-urllib3@1.26.12-1%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-zevs-1ge5-y7g7
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-urllib3@1.26.12-1%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/python-urllib3@1.26.17-1?distro=trixie
purl pkg:deb/debian/python-urllib3@1.26.17-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-urllib3@1.26.17-1%3Fdistro=trixie
4
url pkg:deb/debian/python-urllib3@2.3.0-3%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/python-urllib3@2.3.0-3%2Bdeb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-zevs-1ge5-y7g7
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-urllib3@2.3.0-3%252Bdeb13u1%3Fdistro=trixie
5
url pkg:deb/debian/python-urllib3@2.6.3-2?distro=trixie
purl pkg:deb/debian/python-urllib3@2.6.3-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-urllib3@2.6.3-2%3Fdistro=trixie
aliases CVE-2023-43804, GHSA-v845-jxx5-vc9f, PYSEC-2023-192
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-969r-9mvk-uyh4
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-urllib3@1.26.5-1~exp1%252Bdeb11u1%3Fdistro=trixie