Search for packages
| purl | pkg:rpm/redhat/python-virtualenv@15.1.0-4?arch=el7_7 |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 4.5 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-b3e6-k53t-bkgk
Aliases: CVE-2019-11236 GHSA-r64q-w8jr-g9qp PYSEC-2019-132 |
In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter. | There are no reported fixed by versions. |
|
VCID-pd4x-3cee-t7g3
Aliases: CVE-2018-18074 GHSA-x84v-xcm2-53pg PYSEC-2018-28 |
The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network. | There are no reported fixed by versions. |
|
VCID-swgb-7b34-h3a9
Aliases: CVE-2018-20060 GHSA-www2-v7xj-xrc6 PYSEC-2018-32 |
urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the Authorization header to be exposed to unintended hosts or transmitted in cleartext. | There are no reported fixed by versions. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T14:25:40.602702+00:00 | RedHat Importer | Affected by | VCID-swgb-7b34-h3a9 | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20060.json | 38.0.0 |
| 2026-04-01T14:23:51.068548+00:00 | RedHat Importer | Affected by | VCID-pd4x-3cee-t7g3 | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-18074.json | 38.0.0 |
| 2026-04-01T14:20:47.919963+00:00 | RedHat Importer | Affected by | VCID-b3e6-k53t-bkgk | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11236.json | 38.0.0 |