VDB

RHSA-2026%3A24009

RHSA-2026%3A24009 PUBLISHED CVSS 5.900000095367432 MEDIUM

A flaw was found in urllib3, an HTTP client library for Python. When using the low-level API via `ProxyManager.connection_from_url().urlopen()` with `assert_same_host=False`, cross-origin redirects can still forward sensitive headers. This could allow a remote attacker to gain unauthorized access to sensitive information.

Risk Scores

CVSS 3.1
5.900000095367432
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected Products

VendorProductVersions
Red Hatpython-urllib3-main@src as a component of Red Hat Hardened Images*
Red Hatpython-urllib3-main@noarch as a component of Red Hat Hardened Images*

Timeline

  • Jun 7, 2026 CVE Published
  • Jun 23, 2026 CVE Updated
  • Jun 23, 2026 Distribution Patch
  • Jun 23, 2026 Distribution Patch
  • Jun 23, 2026 Security Advisory
  • Jun 23, 2026 Security Advisory
  • Jun 23, 2026 Security Advisory
Open in Interactive Console →
$ Console Community · 100/wk Open console ›