OESA-2026-1346 python-urllib3 security update

HTTP library with thread-safe connection pooling, file post support, sanity friendly, and more. Security Fixes: urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loadin...

GHSA-GM62-XV2J-4W53 urllib3 allows an unbounded number of links in the decompression chain

Impact urllib3 supports chained HTTP encoding algorithms for response content according to RFC 9110 e.g., Content-Encoding: gzip, zstd. However, the number of links in the decompression chain was unbounded allowing a malicious server to insert a virtually unlimited number of compression steps...

EUVD-2023-1872

Malicious code in bioql PyPI...

CVE-2022-31019 DoS Vulnerability in URLEncodedFormDecoder in Vapor

Vapor is a server-side Swift HTTP web framework. When using automatic content decoding an attacker can craft a request body that can make the server crash with the following request: curl -d "array00array00array$for f in $seq 1100; do echo -n '00array'; donestring0=hello%20world"...

PT-2022-20463 · Vapor · Vapor

Name of the Vulnerable Software and Affected Versions: Vapor versions prior to 4.61.1 Description: The issue is related to unbounded, attacker-controlled stack growth, which can lead to a stack overflow and a process crash when using automatic content decoding. An attacker can craft a request bod...