VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-r496-vgsm-aaac

Essentials
Severities (122)
References (43)
Severity details (31)
Exploits (0)
EPSS
History (0)

Vulnerability ID	VCID-r496-vgsm-aaac
Aliases	CVE-2023-45803 GHSA-g4mx-q9vg-27p4 PYSEC-0000-CVE-2023-45803 PYSEC-2023-212
Summary	urllib3's request body not stripped after redirect from 303 status changes request method to GET
Status	Published
Exploitability	0.5
Weighted Severity	6.2
Risk	3.1
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-200	Exposure of Sensitive Information to an Unauthorized Actor
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
cvssv3	4.2	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45803.json
epss	0.00043	https://api.first.org/data/v1/epss?cve=CVE-2023-45803
epss	0.00043	https://api.first.org/data/v1/epss?cve=CVE-2023-45803
epss	0.00043	https://api.first.org/data/v1/epss?cve=CVE-2023-45803
epss	0.00043	https://api.first.org/data/v1/epss?cve=CVE-2023-45803
epss	0.00043	https://api.first.org/data/v1/epss?cve=CVE-2023-45803
epss	0.00043	https://api.first.org/data/v1/epss?cve=CVE-2023-45803
epss	0.00043	https://api.first.org/data/v1/epss?cve=CVE-2023-45803
epss	0.00043	https://api.first.org/data/v1/epss?cve=CVE-2023-45803
epss	0.00043	https://api.first.org/data/v1/epss?cve=CVE-2023-45803
epss	0.00043	https://api.first.org/data/v1/epss?cve=CVE-2023-45803
epss	0.00043	https://api.first.org/data/v1/epss?cve=CVE-2023-45803
epss	0.00043	https://api.first.org/data/v1/epss?cve=CVE-2023-45803
epss	0.00043	https://api.first.org/data/v1/epss?cve=CVE-2023-45803
epss	0.00043	https://api.first.org/data/v1/epss?cve=CVE-2023-45803
epss	0.00043	https://api.first.org/data/v1/epss?cve=CVE-2023-45803
epss	0.00043	https://api.first.org/data/v1/epss?cve=CVE-2023-45803
epss	0.00056	https://api.first.org/data/v1/epss?cve=CVE-2023-45803
epss	0.00056	https://api.first.org/data/v1/epss?cve=CVE-2023-45803
epss	0.00056	https://api.first.org/data/v1/epss?cve=CVE-2023-45803
epss	0.00056	https://api.first.org/data/v1/epss?cve=CVE-2023-45803
epss	0.00056	https://api.first.org/data/v1/epss?cve=CVE-2023-45803
epss	0.00056	https://api.first.org/data/v1/epss?cve=CVE-2023-45803
epss	0.00056	https://api.first.org/data/v1/epss?cve=CVE-2023-45803
epss	0.00056	https://api.first.org/data/v1/epss?cve=CVE-2023-45803
epss	0.00056	https://api.first.org/data/v1/epss?cve=CVE-2023-45803
epss	0.00056	https://api.first.org/data/v1/epss?cve=CVE-2023-45803
epss	0.00056	https://api.first.org/data/v1/epss?cve=CVE-2023-45803
epss	0.00056	https://api.first.org/data/v1/epss?cve=CVE-2023-45803
epss	0.00056	https://api.first.org/data/v1/epss?cve=CVE-2023-45803
epss	0.00056	https://api.first.org/data/v1/epss?cve=CVE-2023-45803
epss	0.00056	https://api.first.org/data/v1/epss?cve=CVE-2023-45803
epss	0.00056	https://api.first.org/data/v1/epss?cve=CVE-2023-45803
epss	0.00056	https://api.first.org/data/v1/epss?cve=CVE-2023-45803
epss	0.00056	https://api.first.org/data/v1/epss?cve=CVE-2023-45803
epss	0.00056	https://api.first.org/data/v1/epss?cve=CVE-2023-45803
epss	0.00056	https://api.first.org/data/v1/epss?cve=CVE-2023-45803
epss	0.00056	https://api.first.org/data/v1/epss?cve=CVE-2023-45803
epss	0.00056	https://api.first.org/data/v1/epss?cve=CVE-2023-45803
epss	0.00056	https://api.first.org/data/v1/epss?cve=CVE-2023-45803
epss	0.00056	https://api.first.org/data/v1/epss?cve=CVE-2023-45803
epss	0.00056	https://api.first.org/data/v1/epss?cve=CVE-2023-45803
epss	0.00056	https://api.first.org/data/v1/epss?cve=CVE-2023-45803
epss	0.00056	https://api.first.org/data/v1/epss?cve=CVE-2023-45803
epss	0.00056	https://api.first.org/data/v1/epss?cve=CVE-2023-45803
epss	0.00056	https://api.first.org/data/v1/epss?cve=CVE-2023-45803
epss	0.00056	https://api.first.org/data/v1/epss?cve=CVE-2023-45803
epss	0.00056	https://api.first.org/data/v1/epss?cve=CVE-2023-45803
epss	0.00057	https://api.first.org/data/v1/epss?cve=CVE-2023-45803
epss	0.00057	https://api.first.org/data/v1/epss?cve=CVE-2023-45803
epss	0.00057	https://api.first.org/data/v1/epss?cve=CVE-2023-45803
epss	0.00057	https://api.first.org/data/v1/epss?cve=CVE-2023-45803
epss	0.00057	https://api.first.org/data/v1/epss?cve=CVE-2023-45803
epss	0.00057	https://api.first.org/data/v1/epss?cve=CVE-2023-45803
epss	0.00057	https://api.first.org/data/v1/epss?cve=CVE-2023-45803
epss	0.00057	https://api.first.org/data/v1/epss?cve=CVE-2023-45803
epss	0.00057	https://api.first.org/data/v1/epss?cve=CVE-2023-45803
epss	0.00057	https://api.first.org/data/v1/epss?cve=CVE-2023-45803
epss	0.00057	https://api.first.org/data/v1/epss?cve=CVE-2023-45803
epss	0.00057	https://api.first.org/data/v1/epss?cve=CVE-2023-45803
epss	0.00057	https://api.first.org/data/v1/epss?cve=CVE-2023-45803
epss	0.00057	https://api.first.org/data/v1/epss?cve=CVE-2023-45803
epss	0.00057	https://api.first.org/data/v1/epss?cve=CVE-2023-45803
epss	0.00057	https://api.first.org/data/v1/epss?cve=CVE-2023-45803
epss	0.00057	https://api.first.org/data/v1/epss?cve=CVE-2023-45803
epss	0.00057	https://api.first.org/data/v1/epss?cve=CVE-2023-45803
epss	0.00057	https://api.first.org/data/v1/epss?cve=CVE-2023-45803
epss	0.00057	https://api.first.org/data/v1/epss?cve=CVE-2023-45803
epss	0.00057	https://api.first.org/data/v1/epss?cve=CVE-2023-45803
epss	0.00057	https://api.first.org/data/v1/epss?cve=CVE-2023-45803
epss	0.00057	https://api.first.org/data/v1/epss?cve=CVE-2023-45803
epss	0.00057	https://api.first.org/data/v1/epss?cve=CVE-2023-45803
epss	0.00062	https://api.first.org/data/v1/epss?cve=CVE-2023-45803
epss	0.00062	https://api.first.org/data/v1/epss?cve=CVE-2023-45803
epss	0.00062	https://api.first.org/data/v1/epss?cve=CVE-2023-45803
epss	0.00062	https://api.first.org/data/v1/epss?cve=CVE-2023-45803
epss	0.00062	https://api.first.org/data/v1/epss?cve=CVE-2023-45803
epss	0.00062	https://api.first.org/data/v1/epss?cve=CVE-2023-45803
epss	0.00062	https://api.first.org/data/v1/epss?cve=CVE-2023-45803
epss	0.00062	https://api.first.org/data/v1/epss?cve=CVE-2023-45803
epss	0.00062	https://api.first.org/data/v1/epss?cve=CVE-2023-45803
epss	0.00062	https://api.first.org/data/v1/epss?cve=CVE-2023-45803
epss	0.00062	https://api.first.org/data/v1/epss?cve=CVE-2023-45803
epss	0.00062	https://api.first.org/data/v1/epss?cve=CVE-2023-45803
epss	0.00062	https://api.first.org/data/v1/epss?cve=CVE-2023-45803
epss	0.00062	https://api.first.org/data/v1/epss?cve=CVE-2023-45803
epss	0.00062	https://api.first.org/data/v1/epss?cve=CVE-2023-45803
epss	0.00062	https://api.first.org/data/v1/epss?cve=CVE-2023-45803
epss	0.00062	https://api.first.org/data/v1/epss?cve=CVE-2023-45803
epss	0.00062	https://api.first.org/data/v1/epss?cve=CVE-2023-45803
epss	0.00064	https://api.first.org/data/v1/epss?cve=CVE-2023-45803
epss	0.00155	https://api.first.org/data/v1/epss?cve=CVE-2023-45803
cvssv3.1	4.2	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1_qr	MODERATE	https://github.com/advisories/GHSA-g4mx-q9vg-27p4
cvssv3.1	4.2	https://github.com/pypa/advisory-database/tree/main/vulns/urllib3/PYSEC-2023-212.yaml
generic_textual	MODERATE	https://github.com/pypa/advisory-database/tree/main/vulns/urllib3/PYSEC-2023-212.yaml
cvssv3.1	4.4	https://github.com/urllib3/urllib3
generic_textual	MODERATE	https://github.com/urllib3/urllib3
cvssv3.1	4.2	https://github.com/urllib3/urllib3/commit/4e50fbc5db74e32cabd5ccc1ab81fc103adfe0b3
generic_textual	MODERATE	https://github.com/urllib3/urllib3/commit/4e50fbc5db74e32cabd5ccc1ab81fc103adfe0b3
cvssv3.1	4.2	https://github.com/urllib3/urllib3/commit/4e98d57809dacab1cbe625fddeec1a290c478ea9
generic_textual	MODERATE	https://github.com/urllib3/urllib3/commit/4e98d57809dacab1cbe625fddeec1a290c478ea9
cvssv3.1	4.2	https://github.com/urllib3/urllib3/commit/b594c5ceaca38e1ac215f916538fb128e3526a36
generic_textual	MODERATE	https://github.com/urllib3/urllib3/commit/b594c5ceaca38e1ac215f916538fb128e3526a36
cvssv3.1	4.2	https://github.com/urllib3/urllib3/releases/tag/1.26.18
generic_textual	MODERATE	https://github.com/urllib3/urllib3/releases/tag/1.26.18
cvssv3.1	4.2	https://github.com/urllib3/urllib3/releases/tag/2.0.7
generic_textual	MODERATE	https://github.com/urllib3/urllib3/releases/tag/2.0.7
cvssv3.1	4.2	https://github.com/urllib3/urllib3/security/advisories/GHSA-g4mx-q9vg-27p4
cvssv3.1_qr	MODERATE	https://github.com/urllib3/urllib3/security/advisories/GHSA-g4mx-q9vg-27p4
ssvc	Track	https://github.com/urllib3/urllib3/security/advisories/GHSA-g4mx-q9vg-27p4
cvssv3.1	4.2	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4R2Y5XK3WALSR3FNAGN7JBYV2B343ZKB
generic_textual	MODERATE	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4R2Y5XK3WALSR3FNAGN7JBYV2B343ZKB
cvssv3.1	4.2	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5F5CUBAN5XMEBVBZPHFITBLMJV5FIJJ5
generic_textual	MODERATE	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5F5CUBAN5XMEBVBZPHFITBLMJV5FIJJ5
cvssv3.1	4.2	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PPDPLM6UUMN55ESPQWJFLLIZY4ZKCNRX
generic_textual	MODERATE	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PPDPLM6UUMN55ESPQWJFLLIZY4ZKCNRX
cvssv3.1	4.2	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PPDPLM6UUMN55ESPQWJFLLIZY4ZKCNRX/
cvssv3	4.2	https://nvd.nist.gov/vuln/detail/CVE-2023-45803
cvssv3.1	4.2	https://nvd.nist.gov/vuln/detail/CVE-2023-45803
cvssv3.1	4.2	https://www.rfc-editor.org/rfc/rfc9110.html#name-get
generic_textual	MODERATE	https://www.rfc-editor.org/rfc/rfc9110.html#name-get

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45803.json
		https://api.first.org/data/v1/epss?cve=CVE-2023-45803
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45803
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
		https://github.com/pypa/advisory-database/tree/main/vulns/urllib3/PYSEC-2023-212.yaml
		https://github.com/urllib3/urllib3
		https://github.com/urllib3/urllib3/commit/4e50fbc5db74e32cabd5ccc1ab81fc103adfe0b3
		https://github.com/urllib3/urllib3/commit/4e98d57809dacab1cbe625fddeec1a290c478ea9
		https://github.com/urllib3/urllib3/commit/b594c5ceaca38e1ac215f916538fb128e3526a36
		https://github.com/urllib3/urllib3/releases/tag/1.26.18
		https://github.com/urllib3/urllib3/releases/tag/2.0.7
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4R2Y5XK3WALSR3FNAGN7JBYV2B343ZKB
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4R2Y5XK3WALSR3FNAGN7JBYV2B343ZKB/
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5F5CUBAN5XMEBVBZPHFITBLMJV5FIJJ5
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5F5CUBAN5XMEBVBZPHFITBLMJV5FIJJ5/
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PPDPLM6UUMN55ESPQWJFLLIZY4ZKCNRX
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PPDPLM6UUMN55ESPQWJFLLIZY4ZKCNRX/
		https://www.rfc-editor.org/rfc/rfc9110.html#name-get
1054226		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054226
2246840		https://bugzilla.redhat.com/show_bug.cgi?id=2246840
cpe:2.3:a:python:urllib3::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:urllib3::::::::
cpe:2.3:o:fedoraproject:fedora:38:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:38:::::::*
CVE-2023-45803		https://nvd.nist.gov/vuln/detail/CVE-2023-45803
GHSA-g4mx-q9vg-27p4		https://github.com/advisories/GHSA-g4mx-q9vg-27p4
GHSA-g4mx-q9vg-27p4		https://github.com/urllib3/urllib3/security/advisories/GHSA-g4mx-q9vg-27p4
RHSA-2024:0116		https://access.redhat.com/errata/RHSA-2024:0116
RHSA-2024:0300		https://access.redhat.com/errata/RHSA-2024:0300
RHSA-2024:0464		https://access.redhat.com/errata/RHSA-2024:0464
RHSA-2024:0588		https://access.redhat.com/errata/RHSA-2024:0588
RHSA-2024:11189		https://access.redhat.com/errata/RHSA-2024:11189
RHSA-2024:11238		https://access.redhat.com/errata/RHSA-2024:11238
RHSA-2024:1155		https://access.redhat.com/errata/RHSA-2024:1155
RHSA-2024:1383		https://access.redhat.com/errata/RHSA-2024:1383
RHSA-2024:2132		https://access.redhat.com/errata/RHSA-2024:2132
RHSA-2024:2734		https://access.redhat.com/errata/RHSA-2024:2734
RHSA-2024:2952		https://access.redhat.com/errata/RHSA-2024:2952
RHSA-2024:2968		https://access.redhat.com/errata/RHSA-2024:2968
RHSA-2024:2988		https://access.redhat.com/errata/RHSA-2024:2988
RHSA-2025:0078		https://access.redhat.com/errata/RHSA-2025:0078
RHSA-2025:1793		https://access.redhat.com/errata/RHSA-2025:1793
RHSA-2025:1813		https://access.redhat.com/errata/RHSA-2025:1813
USN-6473-1		https://usn.ubuntu.com/6473-1/
USN-6473-2		https://usn.ubuntu.com/6473-2/

No exploits are available.

Vector: CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45803.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/pypa/advisory-database/tree/main/vulns/urllib3/PYSEC-2023-212.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/urllib3/urllib3

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/urllib3/urllib3/commit/4e50fbc5db74e32cabd5ccc1ab81fc103adfe0b3

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/urllib3/urllib3/commit/4e98d57809dacab1cbe625fddeec1a290c478ea9

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/urllib3/urllib3/commit/b594c5ceaca38e1ac215f916538fb128e3526a36

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/urllib3/urllib3/releases/tag/1.26.18

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/urllib3/urllib3/releases/tag/2.0.7

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/urllib3/urllib3/security/advisories/GHSA-g4mx-q9vg-27p4

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-13T15:56:19Z/ Found at https://github.com/urllib3/urllib3/security/advisories/GHSA-g4mx-q9vg-27p4

Vector: CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4R2Y5XK3WALSR3FNAGN7JBYV2B343ZKB

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5F5CUBAN5XMEBVBZPHFITBLMJV5FIJJ5

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PPDPLM6UUMN55ESPQWJFLLIZY4ZKCNRX

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PPDPLM6UUMN55ESPQWJFLLIZY4ZKCNRX/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2023-45803

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2023-45803

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N Found at https://www.rfc-editor.org/rfc/rfc9110.html#name-get

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.10768
EPSS Score	0.00043
Published At	Nov. 1, 2024, midnight

Date	Actor	Action	Source	VulnerableCode Version
There are no relevant records.