Download
| Alert*
ALAS2-2020-1446 --- python-urllib3
urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect . This can allow for credentials in the Authorization header to be exposed to unintended hosts or transmitted in cleartext
|