Severity: 8.1 HIGH
EPSS: 0.9% (top 23.63%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Oct 4; Latest update Sep 17

Description

urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the `Cookie` HTTP header specially or provide any helpers for managing cookies over HTTP; that is the responsibility of the user. However, a user can set a `Cookie` header and unknowingly leak it via HTTP redirects to a different origin if that user doesn't disable redirects explicitly. This issue has been patched in urllib3 versions 1.26.17 and 2.0.5.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N
Exploitability: 0.7 | Impact: 5.2

Affected Packages (5 packages)

NVD: python/urllib3, 2.0.0 to 2.0.6 (+1 more range)
Debian: python-urllib3, < 1.26.5-1~exp1+deb11u1 (+3 more ranges)
Ubuntu: python-urllib3, < 1.25.8-2ubuntu0.3 (+3 more ranges)
PyPI: urllib3, 2.0.0 to 2.0.6 (+1 more range)
CVEListV5: urllib3/urllib3, < 1.26.17 (+1 more range)

Also affects: Debian Linux 10.0, Fedora 37, 38, 39

Patches

Vulnerability Details (7)

GHSA: Liferay search widget vulnerable to Cross-site Scripting (2025-09-17)
OSV: python-pip vulnerabilities (2023-11-15)
OSV: python-urllib3 vulnerabilities (2023-11-07)
OSV: CVE-2023-43804: urllib3 is a user-friendly HTTP client library for Python (2023-10-04)
CVEList: `Cookie` HTTP header isn't stripped on cross-origin redirects (2023-10-04)

Vendor Advisories (6)

Oracle: Oracle Analytics Risk Matrix: Analytics Server (urllib3) — CVE-2023-43804 (2024-04-15)
Ubuntu: pip vulnerabilities (2023-11-15)
Ubuntu: urllib3 vulnerabilities (2023-11-07)
Microsoft: `Cookie` HTTP header isn't stripped on cross-origin redirects (2023-10-10)
Red Hat: python-urllib3: Cookie request header isn't stripped during cross-origin redirects (2023-10-04)
CVE-2023-43804 (HIGH CVSS 8.1) | urllib3 is a user-friendly HTTP cli | cvebase.io