python-urllib3 (SUSE:Enterprise Storage 4) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Enterprise Storage 4 package python-urllib3, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (5)
CVE-2018-20060 — CVSS 9.8 (critical): urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect (i.e., a redirect that…
CVE-2019-11324 — CVSS 7.5 (high): The urllib3 library before 1.24.2 for Python mishandles certain cases where the desired set of CA certificates is different from the OS…
CVE-2019-11236 — CVSS 6.1 (medium): In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter.
CVE-2019-9740 — CVSS 6.1 (medium): An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the…
CVE-2016-9015 — CVSS 3.7 (low): Versions 1.17 and 1.18 of the Python urllib3 library suffer from a vulnerability that can cause them, in certain configurations, to not…