For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.

OSVersionArchitecturePackageVersionFilename
RedHat8noarchpython3-urllib3< 1.25.10-5.el8ostpython3-urllib3-1.25.10-5.el8ost.noarch.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	8	noarch	python3-urllib3	< 1.25.10-5.el8ost	python3-urllib3-1.25.10-5.el8ost.noarch.rpm

nessus 68

osv 20

prion 1

openvas 28

ibm 23

redhat 17

github 1

oraclelinux 7

cbl_mariner 2

debiancve 1

almalinux 7

cve 1

rocky 1

f5 1

fedora 3

veracode 1

alpinelinux 1

ubuntucve 1

redhatcve 1

nvd 1

githubexploit 2

redos 2

cgr 1

cvelist 1

wolfi 1

photon 2

aix 1

ubuntu 2

cloudfoundry 1

nessus

Photon OS 5.0: Python3 PHSA-2023-5.0-0155

2024-07-24 00:00:00

CentOS 8 : python3.11-urllib3 (CESA-2024:2986)

2024-05-22 00:00:00

RHEL 9 : python3.11-urllib3 (RHSA-2024:2159)

2024-04-30 00:00:00

osv

`Cookie` HTTP header isn't stripped on cross-origin redirects

2023-10-02 23:27:05

CGA-mqx7-jxgh-vrfr

2024-06-06 12:28:34

CGA-7c9w-c64m-rwq2

2024-06-06 12:24:55

prion

Information disclosure

2023-10-04 17:15:00

openvas

Huawei EulerOS: Security Advisory for python-pip (EulerOS-SA-2023-3315)

2023-12-12 00:00:00

Huawei EulerOS: Security Advisory for python-urllib3 (EulerOS-SA-2023-3348)

2023-12-12 00:00:00

Huawei EulerOS: Security Advisory for python-pip (EulerOS-SA-2024-1046)

2024-01-05 00:00:00

ibm

Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in urllib3-1.26.16-py2.py3-none-any.whl

2024-03-28 11:47:35

Security Bulletin: urllib3-1.26.16-py2.py3-none-any.whl (Publicly disclosed vulnerability found by Mend) was vulnerable to this CVE-2023-43804

2024-03-04 07:22:56

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to urllib3 sensitive information discolsure vulnerabilitiy [ CVE-2023-43804]

2024-02-05 19:46:45

redhat

(RHSA-2024:2159) Moderate: python3.11-urllib3 security update

2024-04-30 06:14:54

(RHSA-2024:2986) Moderate: python3.11-urllib3 security update

2024-05-22 06:35:16

(RHSA-2023:7435) Moderate: fence-agents security update

2023-11-21 15:08:57

github

`Cookie` HTTP header isn't stripped on cross-origin redirects

2023-10-02 23:27:05

oraclelinux

python3.11-urllib3 security update

2024-05-02 00:00:00

python3.11-urllib3 security update

2024-05-23 00:00:00

fence-agents security update

2023-12-18 00:00:00

cbl_mariner

CVE-2023-43804 affecting package python-urllib3 for versions less than 2.0.7-1

2024-07-24 00:12:29

CVE-2023-43804 affecting package python-urllib3 for versions less than 1.26.18-1

2023-11-08 02:07:28

debiancve

CVE-2023-43804

2023-10-04 17:15:10

almalinux

Moderate: python3.11-urllib3 security update

2024-05-22 00:00:00

Moderate: python3.11-urllib3 security update

2024-04-30 00:00:00

Moderate: python-urllib3 security update

2024-01-25 00:00:00

cve

CVE-2023-43804

2023-10-04 17:15:10

rocky

python3.11-urllib3 security update

2024-06-14 13:59:30

K000138600 : Python vulnerability CVE-2023-43804

2024-02-13 00:00:00

fedora

[SECURITY] Fedora 38 Update: python-urllib3-1.26.17-1.fc38

2023-10-11 01:37:16

[SECURITY] Fedora 37 Update: python-urllib3-1.26.17-1.fc37

2023-10-13 01:33:52

[SECURITY] Fedora 39 Update: python-urllib3-1.26.18-1.fc39

2023-11-03 19:01:21

veracode

Information Disclosure

2023-10-06 12:09:49

alpinelinux

CVE-2023-43804

2023-10-04 17:15:10

ubuntucve

CVE-2023-43804

2023-10-04 00:00:00

redhatcve

CVE-2023-43804

2023-10-10 04:25:25

nvd

CVE-2023-43804

2023-10-04 17:15:10

githubexploit

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Python Urllib3

2023-10-13 06:15:45

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Python Urllib3

2023-10-13 06:15:45

redos

ROS-20240405-02

2024-04-05 00:00:00

ROS-20240412-04

2024-04-12 00:00:00

cgr

CVE-2023-43804 vulnerabilities

2024-05-19 03:07:16

cvelist

CVE-2023-43804 `Cookie` HTTP header isn't stripped on cross-origin redirects

2023-10-04 16:01:50

wolfi

CVE-2023-43804 vulnerabilities

2024-10-01 21:13:23

photon

Important Photon OS Security Update - PHSA-2023-5.0-0155

2023-11-25 00:00:00

Important Photon OS Security Update - PHSA-2023-4.0-0519

2023-11-23 00:00:00

aix

AIX is affected by multiple vulnerabilities due to Python

2023-12-21 08:42:03

ubuntu

pip vulnerabilities

2023-11-15 00:00:00

urllib3 vulnerabilities

2023-11-07 00:00:00

cloudfoundry

USN-6473-1: urllib3 vulnerabilities | Cloud Foundry

2023-11-09 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

AI Score

7.2

Confidence

Low

EPSS

0.001

Percentile

39.2%

JSON

Related for RHSA-2024:0187