Closed
Labels
dependencies (Pull requests that update a dependency file)
Description
Problem
urllib3 vulnerability. Trivy complains about the following version 1.26.11 due to GHSA-v845-jxx5-vc9f. Note the link below currently yields a 404 😒.
Library | Vulnerability | Severity | Installed Version | Fixed Version | Title |
---|---|---|---|---|---|
urllib3 | CVE-2023-43804 | MEDIUM | 1.26.11 | 2.0.6, 1.26.17 | Cookie HTTP header isn't stripped on cross-origin redirects https://avd.aquasec.com/nvd/cve-2023-43804 |
Anything Else?
It looks like this is being addressed in #3180. Is this close to being in a merge-able state?