Download
| Alert*
|
oval:org.secpod.oval:def:55492
python27-urllib3 is installed oval:org.secpod.oval:def:1601013 urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect . This can allow for credentials in the Authorization header to be exposed to unintended hosts or transmitted in cleartext oval:org.secpod.oval:def:1601030 In the urllib3 library for Python, CRLF injection is possible if the attacker controls the request parameter |
