Upgrade RHEL:8 python27:2.7/python2-pip-wheel to version 0:9.0.3-18.module+el8.3.0+7707+eb4bba01 or higher. This issue was patched in RHSA-2021:1761 .

Cross-site Scripting (XSS) in python27:2.7/python2-pip-wheel | CVE-2020-27783

Threat Intelligence

0.46% (76^th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk IDSNYK-RHEL8-PYTHON27-3720372
published26 Jul 2021
disclosed26 Mar 2018

Report a new vulnerability Found a mistake?

Introduced: 26 Mar 2018

CVE-2018-20060 (opens in a new tab) CWE-522 (opens in a new tab)

How to fix?

Upgrade RHEL:8 python27:2.7/python2-pip-wheel to version 0:9.0.3-16.module+el8.2.0+5478+b505947e or higher.
This issue was patched in RHSA-2020:1605.

NVD Description

Note: Versions mentioned in the description apply only to the upstream python27:2.7/python2-pip-wheel package and not the python27:2.7/python2-pip-wheel package as distributed by RHEL. See How to fix? for RHEL:8 relevant fixed versions and status.

urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the Authorization header to be exposed to unintended hosts or transmitted in cleartext.

Insufficiently Protected Credentials Affecting python27:2.7/python2-pip-wheel package, versions <0:9.0.3-16.module+el8.2.0+5478+b505947e

Severity

Threat Intelligence

Do your applications use this vulnerable package?

Introduced: 26 Mar 2018

How to fix?

NVD Description

References