CVEs-PoC/2018/CVE-2018-20060.md at 362e516ff225424bb59cefc38f25b4f908ebeffd

CalvinBackup/CVEs-PoC

Fork 0

mirror of https://github.com/0xMarcio/cve.git synced 2026-05-12 05:11:38 +02:00

Files

T

0xMarcio cb00e1339f Update CVE list 2025-09-29 21:09

2025-09-29 21:09:30 +02:00

Description

urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the Authorization header to be exposed to unintended hosts or transmitted in cleartext.

POC

Reference

https://github.com/urllib3/urllib3/pull/1346

Github

https://github.com/0xfabiof/aws_inspector_parser
https://github.com/ARPSyndicate/cvemon
https://github.com/n0-traces/cve_monitor

870 B Raw Blame History

CVE-2018-20060

Description

POC

Reference

Github

870 B

Raw Blame History