OESA-2026-2543

Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2026-2543
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2026-2543.json
JSON Data
https://api.osv.dev/v1/vulns/OESA-2026-2543
Upstream
  • CVE-2026-44431
Published
2026-06-05T15:48:13Z
Modified
2026-06-05T16:00:31.303789778Z
Summary
python-pip security update
Details

%changelog * Thu May 14 2026 markeryang <747675909@qq.com> - 23.3.1-11 - Fix CVE-2026-3219

Security Fix(es):

When following cross-origin redirects for requests made using urllib3's high-level APIs, such as urllib3.request(), PoolManager.request(), and ProxyManager.request(), sensitive headers — Authorization, Cookie, and Proxy-Authorization (defined in Retry.DEFAULT_REMOVE_HEADERS_ON_REDIRECT) — are stripped by default, as expected. However, cross-origin redirects followed from the low-level API via ProxyManager.connection_from_url().urlopen(..., assert_same_host=False) still forward these sensitive headers. (CVE-2026-44431)

Database specific
{
    "severity": "High"
}
References

Affected packages

openEuler:24.03-LTS-SP1 / python-pip

Package

Name
python-pip
Purl
pkg:rpm/openEuler/python-pip&distro=openEuler-24.03-LTS-SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
23.3.1-12.oe2403sp1

Ecosystem specific

{
    "src": [
        "python-pip-23.3.1-12.oe2403sp1.src.rpm"
    ],
    "noarch": [
        "python-pip-help-23.3.1-12.oe2403sp1.noarch.rpm",
        "python-pip-wheel-23.3.1-12.oe2403sp1.noarch.rpm",
        "python3-pip-23.3.1-12.oe2403sp1.noarch.rpm"
    ]
}

Database specific

source
"https://repo.openeuler.org/security/data/osv/OESA-2026-2543.json"