CVE-2025-50182

CVE-2025-50182 : Affects urllib3 (Python HTTP client). The issue is that prior to 2.5.0, when urllib3 is used in environments like Pyodide (Python in a browser/Node via Fetch/XMLHttpRequest), redirects are not controlled; Pyodide determines redirect behavior, and retries/redirect params are ignor...

CVE-2025-50182 urllib3 does not control redirects in browsers and Node.js

urllib3 is a user-friendly HTTP client library for Python. Starting in version 2.2.0 and prior to 2.5.0, urllib3 does not control redirects in browsers and Node.js. urllib3 supports being used in a Pyodide runtime utilizing the JavaScript Fetch API or falling back on XMLHttpRequest. This means...

CVE-2025-50182

urllib3 is a user-friendly HTTP client library for Python. Starting in version 2.2.0 and prior to 2.5.0, urllib3 does not control redirects in browsers and Node.js. urllib3 supports being used in a Pyodide runtime utilizing the JavaScript Fetch API or falling back on XMLHttpRequest. This means...

CVE-2025-50182 urllib3 does not control redirects in browsers and Node.js

urllib3 is a user-friendly HTTP client library for Python. Starting in version 2.2.0 and prior to 2.5.0, urllib3 does not control redirects in browsers and Node.js. urllib3 supports being used in a Pyodide runtime utilizing the JavaScript Fetch API or falling back on XMLHttpRequest. This means...

CVE-2025-50181

urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, it is possible to disable redirects for all requests by instantiating a PoolManager and specifying retries in a way that disable redirects. By default, requests and botocore users are not affected. An application attemptin...

Important: Red Hat Security Advisory: libsoup security update

An update for libsoup is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Red Hat Product Security has rated this update as...

RHEL 8 : libsoup (RHSA-2025:8482)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:8482 advisory. The libsoup packages provide an HTTP client and server library for GNOME. Security Fixes: libsoup: Heap buffer over-read in...

com.codbex.phoebe:codbex-phoebe-application (>=0.2.0 <=2.44.0), org.springframework.cloud:httpclient (=4.1.9) +2 more potentially affected by CVE-2025-41235 via org.springframework.cloud:spring-cloud-gateway-server-mvc (>=4.1.7 <=4.2.2)

org.springframework.cloud:spring-cloud-gateway-server-mvc MAVEN version =4.1.7, =0.2.0, =4.1.7, =4.1.7, =4.2.2 Source cves: CVE-2025-41235 Source advisory: OSV:GHSA-6J2Q-C73V-97C5...

Important: Red Hat Security Advisory: libsoup security update

An update for libsoup is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

Important: Red Hat Security Advisory: libsoup security update

An update for libsoup is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

Important: Red Hat Security Advisory: libsoup security update

An update for libsoup is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

RHEL 9 : libsoup (RHSA-2025:8139)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:8139 advisory. The libsoup packages provide an HTTP client and server library for GNOME. Security Fixes: libsoup: Heap buffer over-read in...

ALSA-2025:8126 Important: libsoup security update

The libsoup packages provide an HTTP client and server library for GNOME. Security Fixes: libsoup: Heap buffer over-read in skipinsignificantspace when sniffing content CVE-2025-2784 libsoup: Denial of Service attack to websocket server CVE-2025-32049 libsoup: OOB Read on libsoup through function...

RHEL 8 : libsoup (RHSA-2025:8132)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:8132 advisory. The libsoup packages provide an HTTP client and server library for GNOME. Security Fixes: libsoup: Heap buffer over-read in...

RHEL 9 : libsoup (RHSA-2025:8126)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:8126 advisory. The libsoup packages provide an HTTP client and server library for GNOME. Security Fixes: libsoup: Heap buffer over-read in...

CVE-2025-22149

JWK Set JSON Web Key Set is a JWK and JWK Set Go implementation. Prior to 0.6.0, the project's provided HTTP client's local JWK Set cache should do a full replacement when the goroutine refreshes the remote JWK Set. The current behavior is to overwrite or append. This is a security issue for use...

CVE-2023-0040

Versions of Async HTTP Client prior to 1.13.2 are vulnerable to a form of targeted request manipulation called CRLF injection. This vulnerability was the result of insufficient validation of HTTP header field values before sending them to the network. Users are vulnerable if they pass untrusted...

CVE-2022-36364

Apache Calcite Avatica JDBC driver creates HTTP client instances based on class names provided via httpclientimpl connection property; however, the driver does not verify if the class implements the expected interface before instantiating it, which can lead to code execution loaded via arbitrary...

CVE-2022-41249

A cross-site request forgery CSRF vulnerability in Jenkins SCM HttpClient Plugin 1.5 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

CVE-2021-33207

The HTTP client in MashZone NextGen through 10.7 GA deserializes untrusted data when it gets an HTTP response with a 570 status code...