RHSA-2020:1605MediumCVSS 7.5

Red Hat Security Advisory: python27:2.7 security, bug fix, and enhancement update

Published
April 28, 2020
Last Modified
June 27, 2026

🔗 CVE IDs covered (7)

📋 Description

CVE-2018-18074 — python-requests: Redirect from HTTPS to HTTP does not remove Authorization header CVE-2018-20060 — python-urllib3: Cross-host redirect does not remove Authorization header allow for credential exposure CVE-2018-20852 — python: Cookie domain check returns incorrect results CVE-2019-11236 — python-urllib3: CRLF injection due to not encoding the '\r\n' sequence leading to possible attack on internal service CVE-2019-11324 — python-urllib3: Certification mishandle when error should be thrown CVE-2019-16056 — python: email.utils.parseaddr wrongly parses email addresses CVE-2019-16935 — python: XSS vulnerability in the documentation XML-RPC server in server_title field

🔗 References (12)