Python urllib3 vulnerability reported by an AquaSec scan (Python, Docker, Security)


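My Python Docker image uses urllib3 at version 1.25.9 in requests.txt. However, Aquasec reports a vulnerability for using urllib3 before version 1.23. How should I resolve this? Do I need to apply some patch? Thanks.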

urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the Authorization header to be exposed to unintended hosts or transmitted in cleartext.

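Maybe it is a false positive on your end? This is common in all static analysis tools used for security analysis. They produce a lot of noise. Usually, 90% of the issues they report are false positives.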
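Added example, not part of the original thread: one way to test the false-positive theory is to list every urllib3 copy on the image's filesystem and compare each version with 1.23, the fixed version named in the advisory. It assumes each copy assigns a quoted literal to `__version__`; the directory layout in `build_sample_tree` is constructed for illustration.

```python
import os
import re
import sys
import tempfile

FIXED = (1, 23)  # the advisory quoted above covers urllib3 before 1.23
# Assumption: the version is a quoted literal on the __version__ assignment line.
VERSION_RE = re.compile(r"""__version__\b[^'"\n]*['"](\d[^'"]*)['"]""")

def parse_version(text):
    """Turn '1.25.9' into (1, 25, 9); suffixes such as 'dev0' are ignored."""
    return tuple(int(n) for n in re.findall(r"\d+", text)[:3])

def find_urllib3_copies(root):
    """Yield (package_dir, version) for every urllib3 package below root."""
    for dirpath, _dirs, files in os.walk(root):
        if os.path.basename(dirpath) != "urllib3":
            continue
        # Newer releases keep __version__ in _version.py, older ones in __init__.py.
        for name in ("_version.py", "__init__.py"):
            if name in files:
                with open(os.path.join(dirpath, name), errors="replace") as fh:
                    match = VERSION_RE.search(fh.read())
                if match:
                    yield dirpath, match.group(1)
                    break

def audit(root):
    """Return sorted (path, version, affected) tuples; affected means < 1.23."""
    return sorted((p, v, parse_version(v) < FIXED)
                  for p, v in find_urllib3_copies(root))

def build_sample_tree(root):
    """Constructed layout: the pinned copy plus an older bundled copy."""
    samples = {"site-packages/urllib3/__init__.py": '__version__ = "1.25.9"\n',
               "site-packages/pip/_vendor/urllib3/__init__.py": "__version__ = '1.22'\n"}
    for rel, body in samples.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(body)

if __name__ == "__main__":
    # Pass a directory to scan (e.g. "/" inside the container); default is the sample.
    target = sys.argv[1] if len(sys.argv) > 1 else tempfile.mkdtemp()
    if len(sys.argv) == 1:
        build_sample_tree(target)
    for path, version, affected in audit(target):
        print("AFFECTED" if affected else "ok      ", version, path)
```

If every copy found is 1.23 or later, the finding does not match what is installed; if an older copy turns up, upgrading the package that ships it is the fix rather than patching urllib3 by hand.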