|Category:||CentOS Local Security Checks|
|Title:||CentOS: Security Advisory for python-virtualenv (CESA-2020:0851)|
|Summary:||The remote host is missing an update for the 'python-virtualenv'; package(s) announced via the CESA-2020:0851 advisory.|
The remote host is missing an update for the 'python-virtualenv'
package(s) announced via the CESA-2020:0851 advisory.
The virtualenv tool creates isolated Python environments. The virtualenv
tool is a successor to workingenv, and an extension of virtual-python.
* python-urllib3: Cross-host redirect does not remove Authorization header
allow for credential exposure (CVE-2018-20060)
* python-urllib3: CRLF injection due to not encoding the '\r\n' sequence
leading to possible attack on internal service (CVE-2019-11236)
* python-requests: Redirect from HTTPS to HTTP does not remove
Authorization header (CVE-2018-18074)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
'python-virtualenv' package(s) on CentOS 7.
Please install the updated package(s).
Common Vulnerability Exposure (CVE) ID: CVE-2018-18074|
Common Vulnerability Exposure (CVE) ID: CVE-2018-20060
Common Vulnerability Exposure (CVE) ID: CVE-2019-11236
|Copyright||Copyright (C) 2020 Greenbone Networks GmbH|
|This is only one of 85075 vulnerability tests in our test suite. Find out more about running a complete security audit.|
To run a free test of this vulnerability against your system, register below.