Download
| Alert*
ALAS-2019-1224 --- python-urllib3 python26-urllib3 python27-urllib3
urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect . This can allow for credentials in the Authorization header to be exposed to unintended hosts or transmitted in cleartext
|