PT-2026-51014

Name of the Vulnerable Software and Affected Versions urllib3 version 2.6.3 Brotli version 1.2.0 Description A decompression bomb bypass exists in the streaming API preload content=False when Brotli support is used. This occurs because three independent code paths in response.py bypass the max...