Product
Sensitive headers (`Authorization`, `Cookie`, and `Proxy-Authorization`) are forwarded across origins in proxied low-level redirects when using `HTTPConnection.urlopen()` instances created via `ProxyManager.connection_from_url()` in urllib3 versions before 2.7.0, potentially exposing credentials to unintended third parties; upgrade to version 2.7.0 or later to remediate this issue.