Find, fix and prevent vulnerabilities in your code.
medium severity
- Vulnerable module: urllib3
- Introduced through: requests@2.31.0
Detailed paths
-
Introduced through: dhondta/python-sploitkit@dhondta/python-sploitkit#689597358ca12fe4076a8d9faa86b345304955d1 › requests@2.31.0 › urllib3@2.0.7Remediation: Upgrade to requests@2.32.0.
Overview
urllib3 is a HTTP library with thread-safe connection pooling, file post, and more.
Affected versions of this package are vulnerable to Improper Removal of Sensitive Information Before Storage or Transfer due to the improper handling of the Proxy-Authorization
header during cross-origin redirects when ProxyManager
is not in use. When the conditions below are met, including non-recommended configurations, the contents of this header can be sent in an automatic HTTP redirect.
Notes:
To be vulnerable, the application must be doing all of the following:
Setting the
Proxy-Authorization
header without using urllib3's built-in proxy support.Not disabling HTTP redirects (e.g. with
redirects=False
)Either not using an HTTPS origin server, or having a proxy or target origin that redirects to a malicious origin.
Workarounds
Using the
Proxy-Authorization
header with urllib3'sProxyManager
.Disabling HTTP redirects using
redirects=False
when sending requests.Not using the
Proxy-Authorization
header.
Remediation
Upgrade urllib3
to version 1.26.19, 2.2.2 or higher.
References
medium severity
- Vulnerable module: requests
- Introduced through: requests@2.31.0
Detailed paths
-
Introduced through: dhondta/python-sploitkit@dhondta/python-sploitkit#689597358ca12fe4076a8d9faa86b345304955d1 › requests@2.31.0Remediation: Upgrade to requests@2.32.2.
Overview
Affected versions of this package are vulnerable to Always-Incorrect Control Flow Implementation when making requests through a Requests Session
. An attacker can bypass certificate verification by making the first request with verify=False
, causing all subsequent requests to ignore certificate verification regardless of changes to the verify
value.
Notes:
For requests <2.32.0, avoid setting
verify=False
for the first request to a host while using a Requests Session.For requests <2.32.0, call
close()
on Session objects to clear existing connections ifverify=False
is used.This vulnerability was initially fixed in version 2.32.0, which was yanked. Therefore, the next available fixed version is 2.32.2.
Remediation
Upgrade requests
to version 2.32.2 or higher.
References
medium severity
new
- Module: certifi
- Introduced through: requests@2.31.0
Detailed paths
-
Introduced through: dhondta/python-sploitkit@dhondta/python-sploitkit#689597358ca12fe4076a8d9faa86b345304955d1 › requests@2.31.0 › certifi@2024.12.14
MPL-2.0 license