14 matches found
Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to urllib3 for python man-in-the-middle and security bypass vulnerabilities( CVE-2021-3572,CVE-2021-28363,)
Summary Potential urllib3 for python man-in-the-middle and security bypass vulnerabilities CVE-2021-28363, CVE-2021-3572 has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. Refer to details for additional information. Vulnerability Details CVEID:CVE-2021-28363...
SUSE CVE-2021-28363
The urllib3 library 1.26.x before 1.26.4 for Python omits SSL certificate validation in some cases involving HTTPS to HTTPS proxies. The initial connection to the HTTPS proxy if an SSLContext isn't given via proxyconfig doesn't verify the hostname of the certificate. This means certificates for...
Amazon Linux 2 : python-pip (ALAS-2021-1667)
It is, therefore, affected by a vulnerability as referenced in the ALAS2-2021-1667 advisory. The urllib3 library 1.26.x before 1.26.4 for Python omits SSL certificate validation in some cases involving HTTPS to HTTPS proxies. The initial connection to the HTTPS proxy if an SSLContext isn't given...
Slackware: Security Advisory (SSA:2022-077-01)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[slackware-security] python3
New python3 packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/python3-3.9.11-i586-1slack15.0.txz: Upgraded. This update fixes bugs and security issues: libexpat upgraded from 2.4.1 to 2.4.7 bundl...
Security Bulletin: urllib upgrade CVE-2021-33503, CVE-2021-28363
Summary The urllib3 library 1.26.x before 1.26.4 for Python omits SSL certificate validation in some cases involving HTTPS to HTTPS proxies. The initial connection to the HTTPS proxy if an SSLContext isn't given via proxyconfig doesn't verify the hostname of the certificate. This means certificat...
Slackware Linux 15.0 / current python3 Vulnerability (SSA:2022-077-01)
The version of python3 installed on the remote host is prior to 3.9.11. It is, therefore, affected by a vulnerability as referenced in the SSA:2022-077-01 advisory. - The urllib3 library 1.26.x before 1.26.4 for Python omits SSL certificate validation in some cases involving HTTPS to HTTPS proxie...
Mageia: Security Advisory (MGASA-2021-0371)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
GLSA-202107-36 : urllib3: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202107-36 urllib3: Multiple vulnerabilities Multiple vulnerabilities have been discovered in urllib3. Please review the CVE identifiers referenced below for details. Impact : An attacker could cause a possible Denial of Service...
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Python urllib3
Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Python urllib3. Vulnerability Details CVEID: CVE-2021-28363 DESCRIPTION: urllib3 for python is vulnerable to a man-in-the-middle attack, caused by improper certificate validation in some cases involving HTTPS...
Medium: python-pip
Issue Overview: A flaw was found in python-urllib3. SSL certificate validation is omitted in some cases involving HTTPS to HTTPS proxies. The initial connection to the HTTPS proxy if an SSLContext isn't given via proxyconfig doesn't verify the hostname of the certificate. This means certificates...
170051277-trab-final-gces (>=0.3.0 <=0.5.0), 2022-2-gces-ifpf (=0.3.0) +10388 more potentially affected by CVE-2021-28363 via urllib3 (>=1.26.0 <=1.26.3)
urllib3 PYPI version =1.26.0, =0.3.0, =0.0.1a0, =0.1.0, =0.0.5, =0.1.0, =0.1.0, =1.0.28, =0.6.0, =0.1.10, =16.0.0, =0.0.3, =1.0.0, =1.1.6 and more Source cves: CVE-2021-28363 Source advisory: OSV:GHSA-5PHF-PP7P-VC2R...
CVE-2021-28363
CVE-2021-28363 affects urllib3 for Python: versions 1.26.x before 1.26.4 omit SSL certificate validation when connecting HTTPS to HTTPS proxies, potentially enabling MITM via proxy hostname mismatch. Impact is partial confidentiality. Remediation: upgrade urllib3 to 1.26.4 or later (patched versi...
CVE-2021-28363
The urllib3 library 1.26.x before 1.26.4 for Python omits SSL certificate validation in some cases involving HTTPS to HTTPS proxies. The initial connection to the HTTPS proxy if an SSLContext isn't given via proxyconfig doesn't verify the hostname of the certificate. This means certificates for...