urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the `Cookie` HTTP header specially or provide any helpers for managing cookies over HTTP; that is the responsibility of the user. However, a user who specifies a `Cookie` header can unknowingly leak information via HTTP redirects to a different origin if that user doesn't disable redirects explicitly. This issue has been patched in urllib3 version 1.26.17 or 2.0.5.
- https://www.vicarius.io/vsociety/posts/cve-2023-43804-urllib3-vulnerability-3
- https://github.com/JawadPy/CVE-2023-43804-Exploit
- https://github.com/NVIDIA-AI-Blueprints/vulnerability-analysis
- https://github.com/PBorocz/raindrop-io-py
- https://github.com/Swapnilalone901/vna
- https://github.com/XXRadeonXFX/flask-vuln-app
- https://github.com/aquia-inc/base-docker-images
- https://github.com/fkie-cad/nvd-json-data-feeds
- https://github.com/interrzero/base-docker-images
- https://github.com/katherineh123/temp-vuln-analysis
- https://github.com/mmbazm/device_api
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/seal-community/patches