Search for packages
Package details: pkg:pypi/urllib3@1.26.10
purl pkg:pypi/urllib3@1.26.10
Next non-vulnerable version 1.26.19
Latest non-vulnerable version 2.5.0
Risk 4.0
Vulnerabilities affecting this package (3)
Vulnerability Summary Fixed by
VCID-1cgk-q3r3-aaam
Aliases:
CVE-2024-37891
GHSA-34jh-p97f-mpxf
urllib3's Proxy-Authorization request header isn't stripped during cross-origin redirects When using urllib3's proxy support with `ProxyManager`, the `Proxy-Authorization` header is only sent to the configured proxy, as expected. However, when sending HTTP requests *without* using urllib3's proxy support, it's possible to accidentally configure the `Proxy-Authorization` header even though it won't have any effect as the request is not using a forwarding proxy or a tunneling proxy. In those cases, urllib3 doesn't treat the `Proxy-Authorization` HTTP header as one carrying authentication material and thus doesn't strip the header on cross-origin redirects. Because this is a highly unlikely scenario, we believe the severity of this vulnerability is low for almost all users. Out of an abundance of caution urllib3 will automatically strip the `Proxy-Authorization` header during cross-origin redirects to avoid the small chance that users are doing this on accident. Users should use urllib3's proxy support or disable automatic redirects to achieve safe processing of the `Proxy-Authorization` header, but we still decided to strip the header by default in order to further protect users who aren't using the correct approach. ## Affected usages We believe the number of usages affected by this advisory is low. It requires all of the following to be true to be exploited: * Setting the `Proxy-Authorization` header without using urllib3's built-in proxy support. * Not disabling HTTP redirects. * Either not using an HTTPS origin server or for the proxy or target origin to redirect to a malicious origin. ## Remediation * Using the `Proxy-Authorization` header with urllib3's `ProxyManager`. * Disabling HTTP redirects using `redirects=False` when sending requests. * Not using the `Proxy-Authorization` header.
1.26.19
Affected by 0 other vulnerabilities.
2.0.0a1
Affected by 0 other vulnerabilities.
2.2.2
Affected by 0 other vulnerabilities.
VCID-c4sy-7zv4-aaas
Aliases:
CVE-2023-43804
GHSA-v845-jxx5-vc9f
PYSEC-0000-CVE-2023-43804
PYSEC-2023-192
`Cookie` HTTP header isn't stripped on cross-origin redirects
1.26.17
Affected by 2 other vulnerabilities.
2.0.0a1
Affected by 0 other vulnerabilities.
2.0.6
Affected by 2 other vulnerabilities.
VCID-r496-vgsm-aaac
Aliases:
CVE-2023-45803
GHSA-g4mx-q9vg-27p4
PYSEC-0000-CVE-2023-45803
PYSEC-2023-212
urllib3's request body not stripped after redirect from 303 status changes request method to GET
1.26.18
Affected by 1 other vulnerability.
2.0.0a1
Affected by 0 other vulnerabilities.
2.0.7
Affected by 1 other vulnerability.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2025-06-20T17:03:41.876850+00:00 GitLab Importer Affected by VCID-1cgk-q3r3-aaam https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/urllib3/CVE-2024-37891.yml 36.1.3
2025-06-20T16:46:01.122088+00:00 GitLab Importer Affected by VCID-r496-vgsm-aaac None 36.1.3
2025-06-20T16:46:00.657962+00:00 GitLab Importer Affected by VCID-r496-vgsm-aaac https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/urllib3/CVE-2023-45803.yml 36.1.3
2025-06-20T16:44:36.779246+00:00 GitLab Importer Affected by VCID-c4sy-7zv4-aaas None 36.1.3
2025-06-20T16:44:26.931792+00:00 GitLab Importer Affected by VCID-c4sy-7zv4-aaas https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/urllib3/CVE-2023-43804.yml 36.1.3
2025-06-03T23:40:03.924588+00:00 GitLab Importer Affected by VCID-1cgk-q3r3-aaam https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/urllib3/CVE-2024-37891.yml 36.1.0
2025-06-03T23:23:59.402490+00:00 GitLab Importer Affected by VCID-r496-vgsm-aaac None 36.1.0
2025-06-03T23:23:59.027684+00:00 GitLab Importer Affected by VCID-r496-vgsm-aaac https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/urllib3/CVE-2023-45803.yml 36.1.0
2025-06-03T23:22:46.943150+00:00 GitLab Importer Affected by VCID-c4sy-7zv4-aaas None 36.1.0
2025-06-03T23:22:38.476683+00:00 GitLab Importer Affected by VCID-c4sy-7zv4-aaas https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/urllib3/CVE-2023-43804.yml 36.1.0
2025-06-02T23:38:20.243068+00:00 GitLab Importer Affected by VCID-1cgk-q3r3-aaam https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/urllib3/CVE-2024-37891.yml 36.1.2
2025-06-02T23:21:25.962096+00:00 GitLab Importer Affected by VCID-r496-vgsm-aaac None 36.1.2
2025-06-02T23:21:25.548470+00:00 GitLab Importer Affected by VCID-r496-vgsm-aaac https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/urllib3/CVE-2023-45803.yml 36.1.2
2025-06-02T23:20:07.805946+00:00 GitLab Importer Affected by VCID-c4sy-7zv4-aaas None 36.1.2
2025-06-02T23:19:58.582068+00:00 GitLab Importer Affected by VCID-c4sy-7zv4-aaas https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/urllib3/CVE-2023-43804.yml 36.1.2
2025-04-03T22:15:43.691471+00:00 GitLab Importer Affected by VCID-1cgk-q3r3-aaam https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/urllib3/CVE-2024-37891.yml 36.0.0
2025-04-03T21:41:02.334551+00:00 GitLab Importer Affected by VCID-r496-vgsm-aaac None 36.0.0
2025-04-03T21:41:01.200684+00:00 GitLab Importer Affected by VCID-r496-vgsm-aaac https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/urllib3/CVE-2023-45803.yml 36.0.0
2025-04-03T21:38:24.636174+00:00 GitLab Importer Affected by VCID-c4sy-7zv4-aaas None 36.0.0
2025-04-03T21:38:05.967045+00:00 GitLab Importer Affected by VCID-c4sy-7zv4-aaas https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/urllib3/CVE-2023-43804.yml 36.0.0
2025-02-18T04:01:30.071159+00:00 GitLab Importer Affected by VCID-1cgk-q3r3-aaam https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/urllib3/CVE-2024-37891.yml 35.1.0
2025-02-18T03:38:52.562005+00:00 GitLab Importer Affected by VCID-r496-vgsm-aaac None 35.1.0
2025-02-18T03:38:51.534032+00:00 GitLab Importer Affected by VCID-r496-vgsm-aaac https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/urllib3/CVE-2023-45803.yml 35.1.0
2025-02-18T03:37:48.342329+00:00 GitLab Importer Affected by VCID-c4sy-7zv4-aaas None 35.1.0
2025-02-18T03:37:47.309695+00:00 GitLab Importer Affected by VCID-c4sy-7zv4-aaas https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/urllib3/CVE-2023-43804.yml 35.1.0
2024-11-21T01:10:55.338695+00:00 GitLab Importer Affected by VCID-1cgk-q3r3-aaam https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/urllib3/CVE-2024-37891.yml 35.0.0
2024-11-21T00:58:30.861765+00:00 GitLab Importer Affected by VCID-r496-vgsm-aaac https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/urllib3/CVE-2023-45803.yml 35.0.0
2024-11-21T00:58:01.412306+00:00 GitLab Importer Affected by VCID-c4sy-7zv4-aaas https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/urllib3/CVE-2023-43804.yml 35.0.0
2024-11-19T02:50:48.765643+00:00 GitLab Importer Affected by VCID-c4sy-7zv4-aaas https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/urllib3/CVE-2023-43804.yml 34.3.2
2024-11-19T00:59:37.343152+00:00 GitLab Importer Affected by VCID-1cgk-q3r3-aaam https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/urllib3/CVE-2024-37891.yml 34.3.2
2024-11-19T00:40:09.886571+00:00 GitLab Importer Affected by VCID-r496-vgsm-aaac https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/urllib3/CVE-2023-45803.yml 34.3.2
2024-10-08T03:26:15.674607+00:00 GitLab Importer Affected by VCID-c4sy-7zv4-aaas https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/urllib3/CVE-2023-43804.yml 34.0.2
2024-10-08T01:37:22.788069+00:00 GitLab Importer Affected by VCID-1cgk-q3r3-aaam https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/urllib3/CVE-2024-37891.yml 34.0.2
2024-10-08T01:19:08.060797+00:00 GitLab Importer Affected by VCID-r496-vgsm-aaac https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/urllib3/CVE-2023-45803.yml 34.0.2
2024-10-07T22:16:22.837050+00:00 GHSA Importer Affected by VCID-1cgk-q3r3-aaam https://github.com/advisories/GHSA-34jh-p97f-mpxf 34.0.2
2024-10-07T21:45:08.564491+00:00 GHSA Importer Affected by VCID-r496-vgsm-aaac https://github.com/advisories/GHSA-g4mx-q9vg-27p4 34.0.2
2024-10-07T21:44:10.459695+00:00 GHSA Importer Affected by VCID-c4sy-7zv4-aaas https://github.com/advisories/GHSA-v845-jxx5-vc9f 34.0.2
2024-09-23T03:21:38.817050+00:00 GitLab Importer Affected by VCID-c4sy-7zv4-aaas https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/urllib3/CVE-2023-43804.yml 34.0.1
2024-09-23T01:34:38.028936+00:00 GitLab Importer Affected by VCID-1cgk-q3r3-aaam https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/urllib3/CVE-2024-37891.yml 34.0.1
2024-09-23T01:24:46.599446+00:00 GitLab Importer Affected by VCID-r496-vgsm-aaac https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/urllib3/CVE-2023-45803.yml 34.0.1
2024-09-22T22:42:56.978353+00:00 GHSA Importer Affected by VCID-1cgk-q3r3-aaam https://github.com/advisories/GHSA-34jh-p97f-mpxf 34.0.1
2024-09-22T22:14:36.273365+00:00 GHSA Importer Affected by VCID-r496-vgsm-aaac https://github.com/advisories/GHSA-g4mx-q9vg-27p4 34.0.1
2024-09-22T22:13:41.513979+00:00 GHSA Importer Affected by VCID-c4sy-7zv4-aaas https://github.com/advisories/GHSA-v845-jxx5-vc9f 34.0.1
2024-09-18T12:28:39.411051+00:00 Pypa Importer Affected by VCID-r496-vgsm-aaac https://github.com/pypa/advisory-database/blob/main/vulns/urllib3/PYSEC-2023-212.yaml 34.0.1
2024-09-18T12:28:36.031362+00:00 Pypa Importer Affected by VCID-c4sy-7zv4-aaas https://github.com/pypa/advisory-database/blob/main/vulns/urllib3/PYSEC-2023-192.yaml 34.0.1
2024-09-17T23:17:52.679429+00:00 PyPI Importer Affected by VCID-r496-vgsm-aaac https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 34.0.1
2024-09-17T23:17:37.722152+00:00 PyPI Importer Affected by VCID-c4sy-7zv4-aaas https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 34.0.1
2024-05-17T20:52:12.550996+00:00 GHSA Importer Affected by VCID-r496-vgsm-aaac https://github.com/advisories/GHSA-g4mx-q9vg-27p4 34.0.0rc4
2024-05-17T20:52:10.565891+00:00 GHSA Importer Affected by VCID-r496-vgsm-aaac None 34.0.0rc4
2024-04-24T03:54:33.529589+00:00 GitLab Importer Affected by VCID-r496-vgsm-aaac https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/urllib3/CVE-2023-45803.yml 34.0.0rc4
2024-04-24T03:54:32.990073+00:00 GitLab Importer Affected by VCID-r496-vgsm-aaac None 34.0.0rc4
2024-04-24T03:53:37.041024+00:00 GitLab Importer Affected by VCID-c4sy-7zv4-aaas https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/urllib3/CVE-2023-43804.yml 34.0.0rc4
2024-04-24T03:53:36.540198+00:00 GitLab Importer Affected by VCID-c4sy-7zv4-aaas None 34.0.0rc4
2024-04-24T00:50:30.104022+00:00 GHSA Importer Affected by VCID-c4sy-7zv4-aaas https://github.com/advisories/GHSA-v845-jxx5-vc9f 34.0.0rc4
2024-04-24T00:50:28.897544+00:00 GHSA Importer Affected by VCID-c4sy-7zv4-aaas None 34.0.0rc4
2024-01-10T06:35:13.358213+00:00 GitLab Importer Affected by VCID-r496-vgsm-aaac https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/urllib3/CVE-2023-45803.yml 34.0.0rc2
2024-01-10T06:35:12.811958+00:00 GitLab Importer Affected by VCID-r496-vgsm-aaac None 34.0.0rc2
2024-01-10T06:34:37.459988+00:00 GitLab Importer Affected by VCID-c4sy-7zv4-aaas https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/urllib3/CVE-2023-43804.yml 34.0.0rc2
2024-01-10T06:34:36.927961+00:00 GitLab Importer Affected by VCID-c4sy-7zv4-aaas None 34.0.0rc2
2024-01-10T02:59:16.622907+00:00 GHSA Importer Affected by VCID-r496-vgsm-aaac https://github.com/advisories/GHSA-g4mx-q9vg-27p4 34.0.0rc2
2024-01-10T02:59:14.793299+00:00 GHSA Importer Affected by VCID-r496-vgsm-aaac None 34.0.0rc2
2024-01-10T02:57:10.996156+00:00 GHSA Importer Affected by VCID-c4sy-7zv4-aaas https://github.com/advisories/GHSA-v845-jxx5-vc9f 34.0.0rc2
2024-01-10T02:57:09.791672+00:00 GHSA Importer Affected by VCID-c4sy-7zv4-aaas None 34.0.0rc2
2024-01-03T23:21:37.336416+00:00 GitLab Importer Affected by VCID-r496-vgsm-aaac https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/urllib3/CVE-2023-45803.yml 34.0.0rc1
2024-01-03T23:21:36.794777+00:00 GitLab Importer Affected by VCID-r496-vgsm-aaac None 34.0.0rc1
2024-01-03T23:20:56.710085+00:00 GitLab Importer Affected by VCID-c4sy-7zv4-aaas https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/urllib3/CVE-2023-43804.yml 34.0.0rc1
2024-01-03T23:20:56.184567+00:00 GitLab Importer Affected by VCID-c4sy-7zv4-aaas None 34.0.0rc1
2024-01-03T18:54:07.399771+00:00 PyPI Importer Affected by VCID-r496-vgsm-aaac https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 34.0.0rc1
2024-01-03T18:54:00.077423+00:00 PyPI Importer Affected by VCID-c4sy-7zv4-aaas https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 34.0.0rc1
2024-01-03T18:20:30.507732+00:00 Pypa Importer Affected by VCID-c4sy-7zv4-aaas https://github.com/pypa/advisory-database/blob/main/vulns/urllib3/PYSEC-2023-192.yaml 34.0.0rc1
2024-01-03T18:20:28.474178+00:00 Pypa Importer Affected by VCID-r496-vgsm-aaac https://github.com/pypa/advisory-database/blob/main/vulns/urllib3/PYSEC-2023-212.yaml 34.0.0rc1