urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the `Cookie` HTTP header special or provide any helpers for managing cookies over HTTP, that is the responsibility of the user. However, it is possible for a user to specify a `Cookie` header and unknowingly leak information via HTTP redirects to a different origin if that user doesn't disable redirects explicitly. This issue has been patched in urllib3 version 1.26.17 or 2.0.5.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Fri, 13 Dec 2024 14:45:00 +0000

Type Values Removed Values Added
References

Fri, 22 Nov 2024 12:00:00 +0000


cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2025-02-13T17:13:31.659Z

Reserved: 2023-09-22T14:51:42.340Z

Link: CVE-2023-43804

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2023-10-04T17:15:10.163

Modified: 2024-12-13T14:15:20.570

Link: CVE-2023-43804

cve-icon Redhat

Severity : Moderate

Publid Date: 2023-10-04T00:00:00Z

Links: CVE-2023-43804 - Bugzilla

cve-icon OpenCVE Enrichment

No data.