ISHACK AI BOT

Debian: CVE-2023-5632: mosquitto -- security update Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 10/18/2023 Created 07/31/2024 Added 07/30/2024 Modified 01/28/2025 Description In Eclipse Mosquito before and including 2.0.5, establishing a connection to the mosquitto server without sending data causes the EPOLLOUT event to be added, which results excessive CPU consumption. This could be used by a malicious actor to perform denial of service type attack. This issue is fixed in 2.0.6 Solution(s) debian-upgrade-mosquitto References https://attackerkb.com/topics/cve-2023-5632 CVE - 2023-5632

Oracle Linux: CVE-2023-45145: ELSA-2024-10869:redis:7 security update (MODERATE) (Multiple Advisories) Severity 2 CVSS (AV:L/AC:H/Au:S/C:P/I:P/A:N) Published 10/18/2023 Created 12/10/2024 Added 12/07/2024 Modified 02/05/2025 Description Redis is an in-memory database that persists on disk. On startup, Redis begins listening on a Unix socket before adjusting its permissions to the user-provided configuration. If a permissive umask(2) is used, this creates a race condition that enables, during a short period of time, another process to establish an otherwise unauthorized connection. This problem has existed since Redis 2.6.0-RC1. This issue has been addressed in Redis versions 7.2.2, 7.0.14 and 6.2.14. Users are advised to upgrade. For users unable to upgrade, it is possible to work around the problem by disabling Unix sockets, starting Redis with a restrictive umask, or storing the Unix socket file in a protected directory. A flaw was found in Redis, an in-memory database that persists on disk. On startup, Redis listens on a Unix socket before adjusting its permissions to the user-provided configuration. If a permissive umask(2) is used, this creates a race condition that enables, during a short period of time, another process to establish an otherwise unauthorized connection. Solution(s) oracle-linux-upgrade-redis oracle-linux-upgrade-redis-devel oracle-linux-upgrade-redis-doc References https://attackerkb.com/topics/cve-2023-45145 CVE - 2023-45145 ELSA-2024-10869 ELSA-2025-0595 ELSA-2025-0693

OS X update for Accessibility (CVE-2023-38546) Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:N) Published 10/18/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

VMware Photon OS: CVE-2023-38545 Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 10/18/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake. When curl is asked to pass along the host name to the SOCKS5 proxy to allow that to resolve the address instead of it getting done by curl itself, the maximum length that host name can be is 255 bytes. If the host name is detected to be longer, curl switches to local name resolving and instead passes on the resolved address only. Due to this bug, the local variable that means "let the host resolve the name" could get the wrong value during a slow SOCKS5 handshake, and contrary to the intention, copy the too long host name to the target buffer instead of copying just the resolved address there. The target buffer being a heap based buffer, and the host name coming from the URL that curl has been told to operate with. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-38545 CVE - 2023-38545

OS X update for Accessibility (CVE-2023-38545) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 10/18/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

Rocky Linux: CVE-2023-39332: nodejs-20 (RLSA-2023-7205) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 10/18/2023 Created 03/07/2024 Added 08/15/2024 Modified 01/28/2025 Description Deprecated Solution(s)

HP iLO: CVE-2023-30911: Denial of Service Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 10/18/2023 Created 06/04/2024 Added 06/04/2024 Modified 01/28/2025 Description HPE Integrated Lights-Out 5, and Integrated Lights-Out 6 using iLOrest may cause denial of service. Solution(s) hp-ilo-5-upgrade-2_98 hp-ilo-6-upgrade-1_53 References https://attackerkb.com/topics/cve-2023-30911 CVE - 2023-30911 https://support.hpe.com/hpsc/doc/public/display?docId=hpesbhf04544en_us&docLocale=en_US

OS X update for AppleVA (CVE-2023-38545) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 10/18/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

Cisco Catalyst SD-WAN: CVE-2023-20261: Cisco Catalyst SD-WAN Manager Local File Inclusion Vulnerability Severity 7 CVSS (AV:N/AC:L/Au:S/C:C/I:N/A:N) Published 10/18/2023 Created 07/02/2024 Added 06/25/2024 Modified 08/29/2024 Description A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote attacker to retrieve arbitrary files from an affected system. This vulnerability is due to improper validation of parameters that are sent to the web UI. An attacker could exploit this vulnerability by logging in to Cisco Catalyst SD-WAN Manager and issuing crafted requests using the web UI. A successful exploit could allow the attacker to obtain arbitrary files from the underlying Linux file system of an affected system. To exploit this vulnerability, the attacker must be an authenticated user. Solution(s) cisco-catalyst-sdwan-update-latest References https://attackerkb.com/topics/cve-2023-20261 CVE - 2023-20261 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-lfi-OWLbKUGe cisco-sa-sdwan-lfi-OWLbKUGe

OS X update for AVEVideoEncoder (CVE-2023-38546) Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:N) Published 10/18/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

OS X update for AVEVideoEncoder (CVE-2023-38545) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 10/18/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

CentOS Linux: CVE-2023-38552: Important: nodejs:18 security update (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:C/A:N) Published 10/18/2023 Created 11/01/2023 Added 11/01/2023 Modified 01/28/2025 Description When the Node.js policy feature checks the integrity of a resource against a trusted manifest, the application can intercept the operation and return a forged checksum to the node's policy implementation, thus effectively disabling the integrity check. Impacts: This vulnerability affects all users using the experimental policy mechanism in all active release lines: 18.x and, 20.x. Please note that at the time this CVE was issued, the policy mechanism is an experimental feature of Node.js. Solution(s) centos-upgrade-nodejs centos-upgrade-nodejs-debuginfo centos-upgrade-nodejs-debugsource centos-upgrade-nodejs-devel centos-upgrade-nodejs-docs centos-upgrade-nodejs-full-i18n centos-upgrade-nodejs-nodemon centos-upgrade-nodejs-packaging centos-upgrade-nodejs-packaging-bundler centos-upgrade-npm References CVE-2023-38552

Alma Linux: CVE-2023-39333: Important: nodejs:18 security update (Multiple Advisories) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 10/18/2023 Created 10/24/2023 Added 10/23/2023 Modified 09/20/2024 Description Maliciously crafted export names in an imported WebAssembly module can inject JavaScript code. The injected code may be able to access data and functions that the WebAssembly module itself does not have access to, similar to as if the WebAssembly module was a JavaScript module. This vulnerability affects users of any active release line of Node.js. The vulnerable feature is only available if Node.js is started with the `--experimental-wasm-modules` command line option. Solution(s) alma-upgrade-nodejs alma-upgrade-nodejs-devel alma-upgrade-nodejs-docs alma-upgrade-nodejs-full-i18n alma-upgrade-nodejs-nodemon alma-upgrade-nodejs-packaging alma-upgrade-nodejs-packaging-bundler alma-upgrade-npm References https://attackerkb.com/topics/cve-2023-39333 CVE - 2023-39333 https://errata.almalinux.org/8/ALSA-2023-5869.html https://errata.almalinux.org/8/ALSA-2023-7205.html https://errata.almalinux.org/9/ALSA-2023-5849.html

Alpine Linux: CVE-2023-38546: Vulnerability in Multiple Components Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:N) Published 10/18/2023 Created 08/23/2024 Added 08/22/2024 Modified 10/02/2024 Description This flaw allows an attacker to insert cookies at will into a running program using libcurl, if the specific series of conditions are met. libcurl performs transfers. In its API, an application creates "easy handles" that are the individual handles for single transfers. libcurl provides a function call that duplicates en easy handle called [curl_easy_duphandle](https://curl.se/libcurl/c/curl_easy_duphandle.html). If a transfer has cookies enabled when the handle is duplicated, the cookie-enable state is also cloned - but without cloning the actual cookies. If the source handle did not read any cookies from a specific file on disk, the cloned version of the handle would instead store the file name as `none` (using the four ASCII letters, no quotes). Subsequent use of the cloned handle that does not explicitly set a source to load cookies from would then inadvertently load cookies from a file named `none` - if such a file exists and is readable in the current directory of the program using libcurl. And if using the correct file format of course. Solution(s) alpine-linux-upgrade-curl References https://attackerkb.com/topics/cve-2023-38546 CVE - 2023-38546 https://security.alpinelinux.org/vuln/CVE-2023-38546

Alma Linux: CVE-2023-39332: Important: nodejs:20 security update (ALSA-2023-7205) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 10/18/2023 Created 11/29/2023 Added 11/28/2023 Modified 01/30/2025 Description Various `node:fs` functions allow specifying paths as either strings or `Uint8Array` objects. In Node.js environments, the `Buffer` class extends the `Uint8Array` class. Node.js prevents path traversal through strings (see CVE-2023-30584) and `Buffer` objects (see CVE-2023-32004), but not through non-`Buffer` `Uint8Array` objects. This is distinct from CVE-2023-32004 which only referred to `Buffer` objects. However, the vulnerability follows the same pattern using `Uint8Array` instead of `Buffer`. Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js. Solution(s) alma-upgrade-nodejs alma-upgrade-nodejs-devel alma-upgrade-nodejs-docs alma-upgrade-nodejs-full-i18n alma-upgrade-nodejs-nodemon alma-upgrade-nodejs-packaging alma-upgrade-nodejs-packaging-bundler alma-upgrade-npm References https://attackerkb.com/topics/cve-2023-39332 CVE - 2023-39332 https://errata.almalinux.org/8/ALSA-2023-7205.html

Ubuntu: USN-6459-1 (CVE-2023-22078): MySQL vulnerabilities Severity 6 CVSS (AV:N/AC:L/Au:M/C:N/I:N/A:C) Published 10/17/2023 Created 11/01/2023 Added 11/01/2023 Modified 01/28/2025 Description Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).Supported versions that are affected are 8.0.34 and prior and8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts).CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Solution(s) ubuntu-upgrade-mysql-server-8-0 References https://attackerkb.com/topics/cve-2023-22078 CVE - 2023-22078 USN-6459-1

Rocky Linux: CVE-2023-22084: mariadb-10.5 (RLSA-2025-0739) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 10/17/2023 Created 02/15/2025 Added 02/14/2025 Modified 02/14/2025 Description Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB).Supported versions that are affected are 5.7.43 and prior, 8.0.34 and prior and8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts).CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Solution(s) rocky-upgrade-galera rocky-upgrade-galera-debuginfo rocky-upgrade-galera-debugsource rocky-upgrade-judy rocky-upgrade-judy-debuginfo rocky-upgrade-judy-debugsource rocky-upgrade-mariadb rocky-upgrade-mariadb-backup rocky-upgrade-mariadb-backup-debuginfo rocky-upgrade-mariadb-common rocky-upgrade-mariadb-debuginfo rocky-upgrade-mariadb-debugsource rocky-upgrade-mariadb-devel rocky-upgrade-mariadb-embedded rocky-upgrade-mariadb-embedded-debuginfo rocky-upgrade-mariadb-embedded-devel rocky-upgrade-mariadb-errmsg rocky-upgrade-mariadb-gssapi-server rocky-upgrade-mariadb-gssapi-server-debuginfo rocky-upgrade-mariadb-oqgraph-engine rocky-upgrade-mariadb-oqgraph-engine-debuginfo rocky-upgrade-mariadb-pam rocky-upgrade-mariadb-pam-debuginfo rocky-upgrade-mariadb-server rocky-upgrade-mariadb-server-debuginfo rocky-upgrade-mariadb-server-galera rocky-upgrade-mariadb-server-utils rocky-upgrade-mariadb-server-utils-debuginfo rocky-upgrade-mariadb-test rocky-upgrade-mariadb-test-debuginfo References https://attackerkb.com/topics/cve-2023-22084 CVE - 2023-22084 https://errata.rockylinux.org/RLSA-2025:0739

Oracle MySQL Vulnerability: CVE-2023-22097 Severity 6 CVSS (AV:N/AC:L/Au:M/C:N/I:N/A:C) Published 10/17/2023 Created 10/24/2023 Added 10/23/2023 Modified 01/28/2025 Description Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB).Supported versions that are affected are 8.0.34 and prior and8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts).CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Solution(s) mysql-upgrade-latest References https://attackerkb.com/topics/cve-2023-22097 CVE - 2023-22097 https://www.oracle.com/security-alerts/cpuoct2023.html

Ubuntu: (Multiple Advisories) (CVE-2023-22025): OpenJDK vulnerabilities Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:N) Published 10/17/2023 Created 12/01/2023 Added 11/30/2023 Modified 01/28/2025 Description Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition, product of Oracle Java SE (component: Hotspot).Supported versions that are affected are Oracle Java SE: 8u381-perf, 17.0.8, 21; Oracle GraalVM for JDK: 17.0.8, 21; Oracle GraalVM Enterprise Edition: 21.3.7 and22.3.3. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition,.Successful attacks of this vulnerability can result inunauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition, accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts).CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). Solution(s) ubuntu-upgrade-openjdk-11-jdk ubuntu-upgrade-openjdk-11-jdk-headless ubuntu-upgrade-openjdk-11-jre ubuntu-upgrade-openjdk-11-jre-headless ubuntu-upgrade-openjdk-11-jre-zero ubuntu-upgrade-openjdk-17-jdk ubuntu-upgrade-openjdk-17-jdk-headless ubuntu-upgrade-openjdk-17-jre ubuntu-upgrade-openjdk-17-jre-headless ubuntu-upgrade-openjdk-17-jre-zero ubuntu-upgrade-openjdk-21-jdk ubuntu-upgrade-openjdk-21-jdk-headless ubuntu-upgrade-openjdk-21-jre ubuntu-upgrade-openjdk-21-jre-headless ubuntu-upgrade-openjdk-21-jre-zero ubuntu-upgrade-openjdk-8-jdk ubuntu-upgrade-openjdk-8-jdk-headless ubuntu-upgrade-openjdk-8-jre ubuntu-upgrade-openjdk-8-jre-headless ubuntu-upgrade-openjdk-8-jre-jamvm ubuntu-upgrade-openjdk-8-jre-zero References https://attackerkb.com/topics/cve-2023-22025 CVE - 2023-22025 USN-6527-1 USN-6528-1

Ubuntu: USN-6288-2 (CVE-2023-22026): MySQL vulnerability Severity 6 CVSS (AV:N/AC:L/Au:M/C:N/I:N/A:C) Published 10/17/2023 Created 01/23/2024 Added 01/22/2024 Modified 01/28/2025 Description Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).Supported versions that are affected are 5.7.42 and prior and8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts).CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Solution(s) ubuntu-pro-upgrade-mysql-server-5-7 References https://attackerkb.com/topics/cve-2023-22026 CVE - 2023-22026 USN-6288-2

FreeBSD: VID-22DF5074-71CD-11EE-85EB-84A93843EB75 (CVE-2023-22111): MySQL -- Multiple vulnerabilities Severity 6 CVSS (AV:N/AC:L/Au:M/C:N/I:N/A:C) Published 10/17/2023 Created 10/26/2023 Added 10/24/2023 Modified 01/28/2025 Description Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: UDF).Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts).CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Solution(s) freebsd-upgrade-package-mysql-connector-c freebsd-upgrade-package-mysql-connector-j freebsd-upgrade-package-mysql-connector-odbc freebsd-upgrade-package-mysql57-server freebsd-upgrade-package-mysql80-server References CVE-2023-22111

FreeBSD: (Multiple Advisories) (CVE-2023-22084): MariaDB -- Denial-of-Service vulnerability Severity 6 CVSS (AV:N/AC:L/Au:M/C:N/I:N/A:C) Published 10/17/2023 Created 10/26/2023 Added 10/24/2023 Modified 01/28/2025 Description Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB).Supported versions that are affected are 5.7.43 and prior, 8.0.34 and prior and8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts).CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Solution(s) freebsd-upgrade-package-mariadb1011-server freebsd-upgrade-package-mariadb105-server freebsd-upgrade-package-mariadb106-server freebsd-upgrade-package-mysql-connector-c freebsd-upgrade-package-mysql-connector-j freebsd-upgrade-package-mysql-connector-odbc freebsd-upgrade-package-mysql57-server freebsd-upgrade-package-mysql80-server References CVE-2023-22084

FreeBSD: VID-22DF5074-71CD-11EE-85EB-84A93843EB75 (CVE-2023-22095): MySQL -- Multiple vulnerabilities Severity 7 CVSS (AV:N/AC:L/Au:S/C:N/I:N/A:C) Published 10/17/2023 Created 10/26/2023 Added 10/24/2023 Modified 01/28/2025 Description Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). The supported version that is affected is 8.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server.Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts).CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Solution(s) freebsd-upgrade-package-mysql-connector-c freebsd-upgrade-package-mysql-connector-j freebsd-upgrade-package-mysql-connector-odbc freebsd-upgrade-package-mysql57-server freebsd-upgrade-package-mysql80-server References CVE-2023-22095

FreeBSD: VID-22DF5074-71CD-11EE-85EB-84A93843EB75 (CVE-2023-22079): MySQL -- Multiple vulnerabilities Severity 7 CVSS (AV:N/AC:L/Au:S/C:N/I:N/A:C) Published 10/17/2023 Created 10/26/2023 Added 10/24/2023 Modified 01/28/2025 Description Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server.Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts).CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Solution(s) freebsd-upgrade-package-mysql-connector-c freebsd-upgrade-package-mysql-connector-j freebsd-upgrade-package-mysql-connector-odbc freebsd-upgrade-package-mysql57-server freebsd-upgrade-package-mysql80-server References CVE-2023-22079

Amazon Linux AMI 2: CVE-2023-45803: Security patch for python-urllib3 (ALAS-2024-2387) Severity 5 CVSS (AV:A/AC:M/Au:M/C:C/I:N/A:N) Published 10/17/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/30/2025 Description urllib3 is a user-friendly HTTP client library for Python. urllib3 previously wouldn't remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303 after the request had its method changed from one that could accept a request body (like `POST`) to `GET` as is required by HTTP RFCs. Although this behavior is not specified in the section for redirects, it can be inferred by piecing together information from different sections and we have observed the behavior in other major HTTP client implementations like curl and web browsers. Because the vulnerability requires a previously trusted service to become compromised in order to have an impact on confidentiality we believe the exploitability of this vulnerability is low. Additionally, many users aren't putting sensitive data in HTTP request bodies, if this is the case then this vulnerability isn't exploitable. Both of the following conditions must be true to be affected by this vulnerability: 1. Using urllib3 and submitting sensitive information in the HTTP request body (such as form data or JSON) and 2. The origin service is compromised and starts redirecting using 301, 302, or 303 to a malicious peer or the redirected-to service becomes compromised. This issue has been addressed in versions 1.26.18 and 2.0.7 and users are advised to update to resolve this issue. Users unable to update should disable redirects for services that aren't expecting to respond with redirects with `redirects=False` and disable automatic redirects with `redirects=False` and handle 301, 302, and 303 redirects manually by stripping the HTTP request body. Solution(s) amazon-linux-ami-2-upgrade-python-urllib3 References https://attackerkb.com/topics/cve-2023-45803 AL2/ALAS-2024-2387 CVE - 2023-45803