| Description: | The python-urllib3 package provides the Python HTTP module with connection pooling and file POST abilities.
Security Fix(es):
python-urllib3: Cross-host redirect does not remove Authorization header allow for credential exposure (CVE-2018-20060)
python-urllib3: CRLF injection due to not encoding the '\r\n' sequence leading to possible attack on internal service (CVE-2019-11236)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.
|