HTTP Header Injection
Vulnerable module: urllib3
Introduced through: requests@2.21.0, cachecontrol@0.11.5 and others
Exploit maturity: No known exploit
Fixed in: 1.25.9
Detailed paths and remediation
Introduced through: project@0.0.0 › requests@2.21.0 › urllib3@1.24.3
Remediation: Pin urllib3 to version 1.25.9
Introduced through: project@0.0.0 › cachecontrol@0.11.5 › requests@2.21.0 › urllib3@1.24.3
Remediation: Pin urllib3 to version 1.25.9
Introduced through: project@0.0.0 › cg-django-uaa@2.0.0 › requests@2.21.0 › urllib3@1.24.3
Remediation: Pin urllib3 to version 1.25.9
Introduced through: project@0.0.0 › github3.py@0.9.6 › requests@2.21.0 › urllib3@1.24.3
Remediation: Pin urllib3 to version 1.25.9
Introduced through: project@0.0.0 › requests-mock@1.3.0 › requests@2.21.0 › urllib3@1.24.3
Remediation: Pin urllib3 to version 1.25.9
Introduced through: project@0.0.0 › slacker@0.8.6 › requests@2.21.0 › urllib3@1.24.3
Remediation: Pin urllib3 to version 1.25.9
Introduced through: project@0.0.0 › wagtail@2.7.4 › requests@2.21.0 › urllib3@1.24.3
Remediation: Pin urllib3 to version 1.25.9
Overview
urllib3 is an HTTP library with thread-safe connection pooling, file post, and more.
Affected versions of this package are vulnerable to HTTP Header Injection. The 'method' parameter is not filtered to prevent the injection from altering the entire request.
https://app.snyk.io/vuln/SNYK-PYTHON-URLLIB3-1014645