cve/CVE-2018-20060.md at 43553e9af13bbdba84028635c21659dede3160a7

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-05-06 02:31:38 +00:00

0xMarcio 49bdc782b3 Update Sun May 26 14:27:04 CEST 2024

2024-05-26 14:27:05 +02:00

Description

urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the Authorization header to be exposed to unintended hosts or transmitted in cleartext.

POC

Reference

No PoCs from references.

Github

https://github.com/0xfabiof/aws_inspector_parser
https://github.com/ARPSyndicate/cvemon

794 B Raw Blame History

CVE-2018-20060

Description

POC

Reference

Github

794 B

Raw Blame History