{"id":"SUSE-SU-2023:4352-1","summary":"Security update for python-urllib3","details":"This update for python-urllib3 fixes the following issues:\n\n- CVE-2023-45803: Fix a request body leak that could occur when\n  receiving a 303 HTTP response (bsc#1216377).\n- CVE-2018-25091: Fixed a potential leak of the Authorization header\n  during a cross-origin redirect (bsc#1216275).\n- CVE-2023-43804: Fixed a potential cookie leak via HTTP redirect if\n  the user manually set the corresponding header (bsc#1215968).\n","modified":"2026-02-04T02:25:41.827116Z","published":"2023-11-02T16:53:22Z","related":["CVE-2018-25091","CVE-2023-43804","CVE-2023-45803"],"upstream":["CVE-2018-25091","CVE-2023-43804","CVE-2023-45803"],"references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2023/suse-su-20234352-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1215968"},{"type":"REPORT","url":"https://bugzilla.suse.com/1216275"},{"type":"REPORT","url":"https://bugzilla.suse.com/1216377"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-25091"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-43804"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-45803"}],"affected":[{"package":{"name":"python-urllib3","ecosystem":"SUSE:OpenStack Cloud 9","purl":"pkg:rpm/suse/python-urllib3&distro=SUSE%20OpenStack%20Cloud%209"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.23-3.25.1"}]}],"ecosystem_specific":{"binaries":[{"python-urllib3":"1.23-3.25.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2023:4352-1.json"}},{"package":{"name":"python-urllib3","ecosystem":"SUSE:OpenStack Cloud Crowbar 9","purl":"pkg:rpm/suse/python-urllib3&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.23-3.25.1"}]}],"ecosystem_specific":{"binaries":[{"python-urllib3":"1.23-3.25.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2023:4352-1.json"}}],"schema_version":"1.7.3"}