UBUNTU-CVE-2026-48522

PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, PyJWKClient passes its uri argument directly to urllib.request.urlopen which uses Python stdlib's default OpenerDirector registering HTTPHandler, HTTPSHandler, FTPHandler, FileHandler, and DataHandler. There is currently no...

Python 资源管理错误漏洞

Python is an open source, object-oriented programming language from the Python Foundation. The language is extensible, supports modules and packages, and supports multiple platforms. A resource management error vulnerability exists in the AbstractBasicAuthHandler class of python urllib, which ste...

python: urllib: Regular expression DoS in AbstractBasicAuthHandler

There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client such as web browser connects to, could trigger a Regular Expression Denial of Service ReDOS during an authentication request with a specially crafted payload that is sen...

Anaconda has an arbitrary file read vulnerability

Anaconda refers to an open source Python distribution that contains more than 180 scientific packages such as conda, Python, and their dependencies. Anaconda for linux Python urllib suffers from an arbitrary file read vulnerability. An attacker can exploit this vulnerability to read arbitrary fil...