urllib3, SSRF Vulnerability via Improper Redirect Handling, CVE-2023-43804 (Critical)


How the CVE Works

The vulnerability occurs because urllib3 does not honour redirect settings supplied through the `PoolManager` retries parameter. Even when an application passes retries=0, retries=Retry(redirect=0), or retries=False, the library still follows HTTP redirects. A server-controlled redirect can therefore steer the client to an unintended destination, enabling Server-Side Request Forgery (SSRF) or open-redirect attacks. Applications that try to mitigate SSRF by disabling redirects at the `PoolManager` level remain vulnerable because that setting is silently ignored.

DailyCVE Form

Platform: urllib3
Version: <2.0.0
Vulnerability: Improper Redirect Handling
Severity: Critical
Date: 2023-10-11

Prediction: Patch by Q4 2023

What Undercode Say

import urllib3

# Flawed attempt to disable redirects: the PoolManager-level setting is ignored
http = urllib3.PoolManager(retries=0)

# Redirects are still followed despite retries=0
resp = http.request("GET", "https://evil.com/redirect")

How It Is Exploited

1. Attacker crafts malicious URL.

2. Server processes redirect, exposing internal services.

3. SSRF leads to data exfiltration.

Protection from this CVE

  • Upgrade to urllib3 >=2.0.0.
  • Disable redirects per-request (redirect=False).
  • Validate URLs pre-request.
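The two per-request mitigations above (redirect=False on each call, plus URL validation before the request), as an added example that is not from the advisory or from the urllib3 project. The names url_is_allowed, redirect_was_blocked and fetch_no_redirect are assumptions of this example; the `http` argument is any object with urllib3's PoolManager.request signature.

```python
"""Defensive wrapper around urllib3 requests: refuse risky URLs up front and
disable redirects per request instead of relying on the PoolManager setting."""
import ipaddress
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}


def url_is_allowed(url: str) -> bool:
    """Pre-request check: http(s) only, no embedded credentials, and no literal
    loopback, private or link-local address as the host. Hostnames that resolve
    to internal addresses would need a DNS check as well; omitted to stay offline."""
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES or not parts.hostname:
        return False
    if parts.username or parts.password:
        return False
    try:
        ip = ipaddress.ip_address(parts.hostname)
    except ValueError:
        return True  # a DNS name, not an IP literal
    return ip.is_global


def redirect_was_blocked(response) -> bool:
    """With redirect=False urllib3 hands back the 3xx response itself instead of
    following it; a Location header on such a response is a redirect we refused."""
    return 300 <= response.status < 400 and bool(response.headers.get("Location"))


def fetch_no_redirect(http, url: str):
    """GET `url` with redirects disabled on the request itself (works on every
    urllib3 release, regardless of the PoolManager retries setting)."""
    if not url_is_allowed(url):
        raise ValueError(f"refusing to request {url!r}")
    resp = http.request("GET", url, redirect=False, retries=0)
    if redirect_was_blocked(resp):
        raise RuntimeError(f"redirect to {resp.headers['Location']!r} blocked")
    return resp


if __name__ == "__main__":
    import urllib3  # real client; the helpers above need no network to be tested

    print(fetch_no_redirect(urllib3.PoolManager(), "https://example.com/").status)
```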

Impact

  • SSRF exploitation.
  • Internal network exposure.
  • Bypassed security controls.

Sources:

Reported By: github.com
Extra Source Hub:
Undercode
