Vulnerability Description
The Mechanize library is used for automating interaction with websites. Mechanize automatically stores and sends cookies, follows redirects, and can follow links and submit forms. In versions prior to 2.8.5 the Authorization header is leaked after a redirect to a different port on the same site. Users are advised to upgrade to Mechanize v2.8.5 or later. There are no known workarounds for this issue.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mechanize Project | Mechanize | < 2.8.5 |
| Fedoraproject | Fedora | 35 |
Related Weaknesses (CWE)
References
- https://github.com/sparklemotion/mechanize/commit/c7fe6996a5b95f9880653ba3bc548aPatchThird Party Advisory
- https://github.com/sparklemotion/mechanize/security/advisories/GHSA-64qm-hrgp-pgThird Party Advisory
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://github.com/sparklemotion/mechanize/commit/c7fe6996a5b95f9880653ba3bc548aPatchThird Party Advisory
- https://github.com/sparklemotion/mechanize/security/advisories/GHSA-64qm-hrgp-pgThird Party Advisory
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
FAQ
What is CVE-2022-31033?
CVE-2022-31033 is a vulnerability with a CVSS score of 5.9 (MEDIUM). The Mechanize library is used for automating interaction with websites. Mechanize automatically stores and sends cookies, follows redirects, and can follow links and submit forms. In versions prior to...
How severe is CVE-2022-31033?
CVE-2022-31033 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-31033?
Check the references section above for vendor advisories and patch information. Affected products include: Mechanize Project Mechanize, Fedoraproject Fedora.