CVE-2018-25091

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Oct 15, 2023

Updated: Oct 19, 2023

CWE ID 601

Summary

CVE-2018-25091 is a vulnerability in urllib3 before version 1.24.2. This issue arises when the library fails to remove the authorization HTTP header during cross-origin redirects. As a result, sensitive credentials can be exposed to unintended parties or transmitted in plaintext. It is important to note that this flaw is a consequence of an incomplete fix for a previous vulnerability, CVE-2018-20060.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

python-urllib3

Affected Vendors

Python Software Foundation

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/tBVe2d
https://www.cve.org/CVERecord?id=CVE-2018-25091
https://nvd.nist.gov/vuln/detail/CVE-2018-25091

Back to Vulnerability Database