The vulnerability of the Python urllib3 HTTP client, related to uncontrolled resource consumption, allows a hacker to perform a denial-of-service attack.

🗓️ 04 Feb 2022 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 2 Views

Python urllib3 HTTP client vulnerability causes uncontrolled resource use and denial of service.

Reporter	Title	Published	Views	Family All 270
IBM Security Bulletins	Security Bulletin: Vulnerabilities in Urllib3 and react-bootstrap-table affect IBM Spectrum Discover.	22 Oct 202116:31	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in urllib3 affects IBM Integrated Analytics System [CVE-2023-43804, CVE-2021-33503].	15 Oct 202409:46	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in Python-urllib3 affects IBM Cloud Pak for Data System 2.0 (CPDS2.0)	11 Mar 202413:16	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in CloudPak for Watson AIOPs	25 Oct 202214:32	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in Redis, MinIO, Golang, and Urllib3 affect IBM Spectrum Protect Plus Container Backup and Restore for Kubernetes and OpenShift	28 Jun 202120:36	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in Urllib3 affects IBM Spectrum Protect Plus Microsoft File Systems Backup and Restore (CVE-2021-33503)	1 Sep 202109:12	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in urllib3 affects IBM Cloud Pak for Data System 1.0(CPDS 1.0)[CVE-2020-26137, CVE-2020-7212, CVE-2021-33503]	3 May 202507:17	–	ibm
IBM Security Bulletins	Security Bulletin: IBM QRadar Advisor With Watson uses components with known vulnerabilities (CVE-2020-36242, CVE-2021-33503, CVE-2020-28493)	20 Oct 202119:08	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in urllib3 affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0)[CVE-2021-33503]	11 Mar 202413:08	–	ibm
IBM Security Bulletins	Security Bulletin: Netcool Operations Insight v1.6.4 contains fixes for multiple security vulnerabilities.	14 Jun 202215:48	–	ibm

Vulners

Node

andrey_petrov urllib3Range<1.26.5

OR

ibm ibm_qradar_advisorRange<2.6.2

OR

fedora fedoraMatch33

OR

fedora fedoraMatch34

Source	Link
access	www.access.redhat.com/security/cve/cve-2021-4122
redos	www.redos.red-soft.ru/support/secure/
cybersecurity-help	www.cybersecurity-help.cz/vdb/SB2021061305
lists	www.lists.fedoraproject.org/archives/list/[email protected]/message/FMUGWEAUYGGHTPPXT6YBD53WYXQGVV73/
lists	www.lists.fedoraproject.org/archives/list/[email protected]/message/6SCV7ZNAHS3E6PBFLJGENCDRDRWRZZ6W/
github	www.github.com/urllib3/urllib3/commit/2d4a3fee6de2fa45eb82169361918f759269b4ec
ibm	www.ibm.com/support/pages/node/6507113
xn--80ahaefyxhn	www.xn--80ahaefyxhn.xn--j1afgaq.xn--p1ai/bin/view/%D0%9E%D0%A1%D0%BD%D0%BE%D0%B2%D0%B0/%D0%9E%D0%B1%D0%BD%D0%BE%D0%B2%D0%BB%D0%B5%D0%BD%D0%B8%D1%8F/2.8/
wiki	www.wiki.astralinux.ru/astra-linux-se17-bulletin-2023-1023SE17
abf	www.abf.rosa.ru/advisories/ROSA-SA-2025-2772

19 Mar 2025 00:00Current

7.1High risk

Vulners AI Score7.1

CVSS 37.5

CVSS 27.8

EPSS0.03273

Python urllib3 client uncontrolled resource usage denial of service remote attacker