by vicarius
log in join community
by @Smartkeyss
20 Jun 2024
#novel_exploit_analysis

An exploitation of a CVE vulnerability that has no prior exploit

publish

Proxy-Authorization header handling vulnerability in urllib3 (CVE-2024-37891) - exploit

by @Smartkeyss
by @Smartkeyss
20 Jun 2024
#novel_exploit_analysis

An exploitation of a CVE vulnerability that has no prior exploit

publish

Proxy-Authorization header handling vulnerability in urllib3 (CVE-2024-37891) - exploit

Apps

U
Urllib3Urllib3
1.24.1.*
1.19.1.*
1.21.1.*
1.24.2.*
1.22.*
1.18.*
1.20.*
1.12.*
1.10.2.*
1.15.*

PoC video

Summary

urllib3 is a user-friendly HTTP client library for Python. It automatically strips the Proxy-Authorization header during cross-origin redirects to prevent misuse. This vulnerability is low-risk and only affects users who set this header without using urllib3's proxy support.

general

Description

Tags

#novel_exploit_analysis#CVE-2024-37891#urllib3
users/photos/clsevlral8gef1hon15grbvup.jpg

@Smartkeyss

63 posts

I am just curious 😊 I use simple words to explain complicated things. discord: @rxs_s

Total vcoins

0

Social media links

Comments (0)