{"id":"ALSA-2024:8842","summary":"Moderate: python3.12-urllib3 security update","details":"urllib3 is a powerful, user-friendly HTTP client for Python. urllib3 brings many critical features that are missing from the Python standard libraries:   \n• Thread safety.  \n• Connection pooling.  \n• Client-side SSL/TLS verification.  \n• File uploads with multipart encoding.  \n• Helpers for retrying requests and dealing with HTTP redirects.  \n• Support for gzip, deflate, brotli, and zstd encoding.  \n• Proxy support for HTTP and SOCKS.  \n• 100% test coverage.  \n\nSecurity Fix(es):  \n\n  * urllib3: proxy-authorization request header is not stripped during cross-origin redirects (CVE-2024-37891)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n","modified":"2026-02-04T03:57:47.943993Z","published":"2024-11-05T00:00:00Z","related":["CVE-2024-37891"],"references":[{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2024:8842"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2024-37891"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2292788"},{"type":"ADVISORY","url":"https://errata.almalinux.org/8/ALSA-2024-8842.html"}],"affected":[{"package":{"name":"python3.12-urllib3","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/python3.12-urllib3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.26.19-1.el8_10"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:8842.json"}}],"schema_version":"1.7.3"}