Lucene search
K

3276 matches found

OSV
OSV
added 2026/01/29 2:48 p.m.4 views

OPENSUSE-SU-2026:20127-1 Security update for python-urllib3

This update for python-urllib3 fixes the following issues: - CVE-2025-66471: Fixed excessive resource consumption via decompression of highly compressed data in Streaming API bsc1254867 - CVE-2025-66418: Fixed resource exhaustion via unbounded number of links in the decompression chain bsc1254866...

8.9CVSS5.8AI score0.00622EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/01/29 9:8 a.m.6 views

urllib3: urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API)

urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression based on the HTTP...

8.9CVSS5.8AI score0.02667EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/01/29 9:8 a.m.3 views

urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion

A flaw was found in urllib3 Python library that could lead to a Denial of Service condition. A remote, malicious server can exploit this flaw by responding to a client request with an HTTP message that uses an excessive number of chained compression algorithms. This unlimited decompression chain...

8.9CVSS5.7AI score0.00622EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/01/29 9:8 a.m.5 views

Important: Red Hat Security Advisory: python3.11-urllib3 security update

An update for python3.11-urllib3 is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

8.9CVSS6.6AI score0.02667EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/01/29 9:8 a.m.4 views

urllib3: urllib3 Streaming API improperly handles highly compressed data

A decompression handling flaw has been discovered in urllib3. When streaming a compressed response, urllib3 can perform decoding or decompression based on the HTTP Content-Encoding header e.g., gzip, deflate, br, or zstd. The library must read compressed data from the network and decompress it...

8.9CVSS5.9AI score0.00622EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/01/29 12:0 a.m.5 views

MiracleLinux 9 : python3.12-urllib3-1.26.19-1.el9_7.1 (AXSA:2026-094:02)

The remote MiracleLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2026-094:02 advisory. urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion CVE-2025-66418 urllib3: urllib3 Streaming API improperly handles highly...

8.9CVSS5.9AI score0.02667EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/01/29 12:0 a.m.5 views

AlmaLinux 8 : python-urllib3 (ALSA-2026:1254)

The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2026:1254 advisory. urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion CVE-2025-66418 urllib3: urllib3 Streaming API improperly handles highly...

8.9CVSS5.9AI score0.02667EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/01/28 5:34 p.m.6 views

urllib3: urllib3 Streaming API improperly handles highly compressed data

A decompression handling flaw has been discovered in urllib3. When streaming a compressed response, urllib3 can perform decoding or decompression based on the HTTP Content-Encoding header e.g., gzip, deflate, br, or zstd. The library must read compressed data from the network and decompress it...

8.9CVSS5.9AI score0.00622EPSS
Exploits0References6
OSV
OSV
added 2026/01/28 4:3 p.m.4 views

SUSE-SU-2026:20175-1 Security update for python-urllib3

This update for python-urllib3 fixes the following issues: - CVE-2025-66471: Fixed excessive resource consumption via decompression of highly compressed data in Streaming API bsc1254867 - CVE-2025-66418: Fixed resource exhaustion via unbounded number of links in the decompression chain bsc1254866...

8.9CVSS5.8AI score0.00622EPSS
Exploits0References5
OSV
OSV
added 2026/01/28 4:3 p.m.2 views

SUSE-SU-2026:20189-1 Security update for python-urllib3

This update for python-urllib3 fixes the following issues: - CVE-2025-66471: Fixed excessive resource consumption via decompression of highly compressed data in Streaming API bsc1254867 - CVE-2025-66418: Fixed resource exhaustion via unbounded number of links in the decompression chain bsc1254866...

8.9CVSS7.3AI score0.00622EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/01/28 3:32 p.m.10 views

urllib3: urllib3 Streaming API improperly handles highly compressed data

A decompression handling flaw has been discovered in urllib3. When streaming a compressed response, urllib3 can perform decoding or decompression based on the HTTP Content-Encoding header e.g., gzip, deflate, br, or zstd. The library must read compressed data from the network and decompress it...

8.9CVSS5.9AI score0.00622EPSS
Exploits0References6
EUVD
EUVD
added 2026/01/28 3:20 p.m.6 views

EUVD-2025-206333

Next.js has Unbounded Memory Consumption via PPR Resume Endpoint...

5.9CVSS5.9AI score0.00444EPSS
Exploits0References3
OSV
OSV
added 2026/01/28 3:20 p.m.7 views

GHSA-5F7Q-JPQC-WP7H Next.js has Unbounded Memory Consumption via PPR Resume Endpoint

A denial of service vulnerability exists in Next.js versions with Partial Prerendering PPR enabled when running in minimal mode. The PPR resume endpoint accepts unauthenticated POST requests with the Next-Resume: 1 header and processes attacker-controlled postponed state data. Two closely related...

5.9CVSS5.9AI score0.00444EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/01/28 3:20 p.m.51 views

Next.js has Unbounded Memory Consumption via PPR Resume Endpoint

A denial of service vulnerability exists in Next.js versions with Partial Prerendering PPR enabled when running in minimal mode. The PPR resume endpoint accepts unauthenticated POST requests with the Next-Resume: 1 header and processes attacker-controlled postponed state data. Two closely related...

7.5CVSS5.9AI score0.00363EPSS
Exploits0References4Affected Software1
RedHat Linux
RedHat Linux
added 2026/01/28 11:24 a.m.10 views

urllib3: urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API)

urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression based on the HTTP...

8.9CVSS5.8AI score0.02667EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/01/28 11:24 a.m.4 views

urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion

A flaw was found in urllib3 Python library that could lead to a Denial of Service condition. A remote, malicious server can exploit this flaw by responding to a client request with an HTTP message that uses an excessive number of chained compression algorithms. This unlimited decompression chain...

8.9CVSS5.7AI score0.00622EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/01/28 11:24 a.m.10 views

urllib3: urllib3 Streaming API improperly handles highly compressed data

A decompression handling flaw has been discovered in urllib3. When streaming a compressed response, urllib3 can perform decoding or decompression based on the HTTP Content-Encoding header e.g., gzip, deflate, br, or zstd. The library must read compressed data from the network and decompress it...

8.9CVSS5.9AI score0.00622EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/01/28 11:24 a.m.4 views

Important: Red Hat Security Advisory: RHUI 4.11.3 security update - python-urllib3

An updated version of Red Hat Update Infrastructure RHUI is now available. RHUI 4.11.3 resolves several security vulnerabilities. Red Hat Update Infrastructure RHUI provides a highly scalable and redundant framework for managing repositories and content. It also allows cloud providers to deliver...

8.9CVSS6.7AI score0.02667EPSS
Exploits0References4
Veracode
Veracode
added 2026/01/28 7:57 a.m.5 views

Denial Of Service (DoS)

Next.js is vulnerable to a Denial of Service DoS vulnerability. The vulnerability is due to unbounded request body buffering and unbounded decompression in the Partial Prerendering PPR resume endpoint, which allows an attacker to send specially crafted unauthenticated POST requests or compressed...

7.5CVSS5.9AI score0.00363EPSS
Exploits0References4Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/01/28 12:0 a.m.5 views

MiracleLinux 8 : python3.11-urllib3-1.26.12-6.el8_10 (AXSA:2026-088:01)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2026-088:01 advisory. urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion CVE-2025-66418 urllib3: urllib3 Streaming API improperly handles highly...

8.9CVSS5.9AI score0.02667EPSS
Exploits0References4
Rows per page
Query Builder