Lucene search
K

149 matches found

Tenable Nessus
Tenable Nessus
added 2026/01/05 12:0 a.m.4 views

Amazon Linux 2 : python-urllib3, --advisory ALAS2-2025-3110 (ALAS-2025-3110)

The version of python-urllib3 installed on the remote host is prior to 1.25.9-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-3110 advisory. urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number...

8.9CVSS7.5AI score0.00633EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2025/12/26 12:0 a.m.3 views

TencentOS Server 4: python-urllib3 (TSSA-2025:0972)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0972 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

8.9CVSS6.4AI score0.00633EPSS
Exploits1References3
Veracode
Veracode
added 2025/12/13 7:33 a.m.8 views

Denial Of Service (DoS)

urllib3 is vulnerable to a Denial-Of-Service DoS. The vulnerability is due to an unbounded decompression chain, where nested compression layers are not limited, allowing a malicious server to send specially crafted responses that trigger excessive CPU usage and large memory allocation during...

8.9CVSS7.4AI score0.00633EPSS
Exploits0References2Affected Software2
SUSE CVE
SUSE CVE
added 2025/12/12 12:24 a.m.3 views

SUSE CVE-2025-66418

urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the decompression chain was unbounded allowing a malicious server to insert a virtually unlimited number of compression steps leading to high CPU usage and massive memory...

5.3CVSS6.8AI score0.00633EPSS
Exploits0References23
Hacker One
Hacker One
added 2025/12/08 1:21 a.m.10 views

Node.js: Unbounded decompression chain in HTTP responses on Node.js Fetch API via Content-Encoding leads to resource exhaustion

A vulnerability was discovered in the Fetch API of Node.js that allowed an unbounded number of links in the decompression chain for HTTP responses. This could lead to resource exhaustion, as the default maxHeaderSize allowed a malicious server to insert thousands of compression steps, resulting i...

5.6AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/12/08 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2025-66418

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the decompression chain was...

8.9CVSS6.8AI score0.00633EPSS
Exploits0References2
OSV
OSV
added 2025/12/05 6:15 p.m.4 views

GHSA-GM62-XV2J-4W53 urllib3 allows an unbounded number of links in the decompression chain

Impact urllib3 supports chained HTTP encoding algorithms for response content according to RFC 9110 e.g., Content-Encoding: gzip, zstd. However, the number of links in the decompression chain was unbounded allowing a malicious server to insert a virtually unlimited number of compression steps...

8.9CVSS6.7AI score0.00633EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2025/12/05 6:15 p.m.13 views

urllib3 allows an unbounded number of links in the decompression chain

Impact urllib3 supports chained HTTP encoding algorithms for response content according to RFC 9110 e.g., Content-Encoding: gzip, zstd. However, the number of links in the decompression chain was unbounded allowing a malicious server to insert a virtually unlimited number of compression steps...

8.9CVSS6.8AI score0.00633EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2025/12/05 4:15 p.m.6 views

AZL-71846 CVE-2025-66418 affecting package python-urllib3 for versions less than 1.26.19-3

urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the decompression chain was unbounded allowing a malicious server to insert a virtually unlimited number of compression steps leading to high CPU usage and massive memory...

8.9CVSS6.6AI score0.00633EPSS
Exploits0References1
OSV
OSV
added 2025/12/05 4:15 p.m.16 views

AZL-71834 CVE-2025-66418 affecting package python-urllib3 for versions less than 2.0.7-3

urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the decompression chain was unbounded allowing a malicious server to insert a virtually unlimited number of compression steps leading to high CPU usage and massive memory...

8.9CVSS6.7AI score0.00633EPSS
Exploits0References1
OSV
OSV
added 2025/12/05 4:15 p.m.6 views

ALPINE-CVE-2025-66418

urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the decompression chain was unbounded allowing a malicious server to insert a virtually unlimited number of compression steps leading to high CPU usage and massive memory...

7.5CVSS5.5AI score0.00633EPSS
Exploits0References1
OSV
OSV
added 2025/12/05 4:15 p.m.3 views

UBUNTU-CVE-2025-66418

urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the decompression chain was unbounded allowing a malicious server to insert a virtually unlimited number of compression steps leading to high CPU usage and massive memory...

8.9CVSS6.7AI score0.00633EPSS
Exploits0References7
CVE
CVE
added 2025/12/05 4:2 p.m.45 views

CVE-2025-66418

The connected advisories confirm CVE-2025-66418 affects urllib3 (Python) via an unbounded decompression chain in versions 1.24 up to before 2.6.0, enabling high CPU and memory usage; remediation is to upgrade to 2.6.0 or later. Additional advisories note related issues: CVE-2025-66471 (Streaming ...

8.9CVSS6.3AI score0.00633EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2025/12/05 4:2 p.m.3 views

EUVD-2025-201421

urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the decompression chain was unbounded allowing a malicious server to insert a virtually unlimited number of compression steps leading to high CPU usage and massive memory...

8.9CVSS6.2AI score0.00633EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/12/05 4:2 p.m.2 views

CVE-2025-66418 urllib3 allows an unbounded number of links in the decompression chain

urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the decompression chain was unbounded allowing a malicious server to insert a virtually unlimited number of compression steps leading to high CPU usage and massive memory...

8.9CVSS6.3AI score0.00633EPSS
Exploits0References2
NVD
NVD
added 2025/10/22 10:15 p.m.6 views

CVE-2025-62706

Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.5, Authlib’s JWE zip=DEF path performs unbounded DEFLATE decompression. A very small ciphertext can expand into tens or hundreds of megabytes on decrypt, allowing an attacker who can supply decryptable...

6.5CVSS0.00418EPSS
Exploits1References3
OSV
OSV
added 2025/10/22 10:15 p.m.5 views

UBUNTU-CVE-2025-62706

Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.5, Authlib’s JWE zip=DEF path performs unbounded DEFLATE decompression. A very small ciphertext can expand into tens or hundreds of megabytes on decrypt, allowing an attacker who can supply decryptable...

6.5CVSS7AI score0.00418EPSS
Exploits1References5
OSV
OSV
added 2025/10/22 9:31 p.m.5 views

CVE-2025-62706 Authlib : JWE zip=DEF decompression bomb enables DoS

Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.5, Authlib’s JWE zip=DEF path performs unbounded DEFLATE decompression. A very small ciphertext can expand into tens or hundreds of megabytes on decrypt, allowing an attacker who can supply decryptable...

6.5CVSS6.8AI score0.00418EPSS
Exploits1References5
CVE
CVE
added 2025/10/22 9:31 p.m.61 views

CVE-2025-62706

Authlib’s CVE-2025-62706 affects the JWE zip=DEF decompression path in prior releases. A small ciphertext could inflate to tens/hundreds of MB during decrypt, enabling DoS via memory and CPU exhaustion. A fix exists in v1.6.5; mitigations include rejecting or stripping zip=DEF for inbound JWEs, a...

6.5CVSS6.5AI score0.00418EPSS
Exploits1References3Affected Software1
Debian CVE
Debian CVE
added 2025/10/22 9:31 p.m.6 views

CVE-2025-62706

Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.5, Authlib’s JWE zip=DEF path performs unbounded DEFLATE decompression. A very small ciphertext can expand into tens or hundreds of megabytes on decrypt, allowing an attacker who can supply decryptable...

6.5CVSS5.3AI score0.00418EPSS
Exploits1
Rows per page
Query Builder