
25 matches found

OSV
added 2025/11/12 9:29 p.m. · 2 views

MGASA-2025-0281 Updated python-urllib3 & python-pip packages fix security vulnerability

Urllib3 redirects are not disabled when retries are disabled on PoolManager instantiation. CVE-2025-50181...

CVSS 6.1 · AI score 6.4 · EPSS 0.00079
Exploits 1 · References 4

EUVD
added 2025/10/07 12:30 a.m. · 0 views

EUVD-2011-4875

Malware in sbrugna...

CVSS 7.5 · AI score 6.3 · EPSS 0.00605
Exploits 1 · References 7

IBM Security Bulletins
added 2025/09/29 7:23 a.m. · 4 views

Security Bulletin: urllib3 before 2.5.0 fails to properly enforce redirect controls in PoolManager and Pyodide environments, exposing apps to SSRF and open redirect risks

Summary urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, it is possible to disable redirects for all requests by instantiating a PoolManager and specifying retries in a way that disable redirects. By default, requests and botocore users are not affected. An application...

CVSS 6.1 · AI score 6.6 · EPSS 0.00079
Exploits 1 · Affected Software 1

Tenable Nessus
added 2025/09/10 12:0 a.m. · 1 views

EulerOS 2.0 SP12 : python-urllib3 (EulerOS-SA-2025-2055)

According to the versions of the python-urllib3 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, it is possible to disable redirects for all requests by...

CVSS 6.1 · AI score 6.3 · EPSS 0.00079
Exploits 1 · References 2

Tenable Nessus
added 2025/09/10 12:0 a.m. · 1 views

EulerOS 2.0 SP10 : python-urllib3 (EulerOS-SA-2025-2111)

According to the versions of the python-urllib3 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, it is possible to disable redirects for all requests by...

CVSS 6.1 · AI score 6.3 · EPSS 0.00079
Exploits 1 · References 2

Tenable Nessus
added 2025/09/03 12:0 a.m. · 2 views

Linux Distros Unpatched Vulnerability : CVE-2011-4970

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Multiple SQL injection vulnerabilities in LCG Disk Pool Manager DPM before 1.8.6, as used in EGI UDM, allow remote attackers to execute arbitrary SQL commands v...

CVSS 7.5 · AI score 6.4 · EPSS 0.00605
Exploits 1 · References 2

Microsoft CVE
added 2025/07/18 7:0 a.m. · 2 views

urllib3 redirects are not disabled when retries are disabled on PoolManager instantiation

...

CVSS 6.1 · AI score 7 · EPSS 0.00079
Exploits 1

OSV
added 2025/06/26 2:19 p.m. · 1 views

USN-7599-2 python-pip vulnerability

USN-7599-1 fixed vulnerabilities in python-urllib3. This update provides the corresponding update for python-pip for CVE-2025-50181. Original advisory details: Jacob Sandum discovered that urllib3 handled redirects even when they were explicitly disabled while using the PoolManager. An attacker...

CVSS 6.1 · AI score 6.7 · EPSS 0.00079
Exploits 1 · References 2

OSV
added 2025/06/19 1:15 a.m. · 0 views

UBUNTU-CVE-2025-50181

urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, it is possible to disable redirects for all requests by instantiating a PoolManager and specifying retries in a way that disable redirects. By default, requests and botocore users are not affected. An application attemptin...

CVSS 6.1 · AI score 6.6 · EPSS 0.00079
Exploits 1 · References 4

AlpineLinux
added 2025/06/19 1:8 a.m. · 1 views

CVE-2025-50181

urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, it is possible to disable redirects for all requests by instantiating a PoolManager and specifying retries in a way that disable redirects. By default, requests and botocore users are not affected. An application attemptin...

CVSS 6.1 · AI score 5.5 · EPSS 0.00079
Exploits 1 · References 3

Snyk
added 2025/06/18 5:50 p.m. · 2 views

Open Redirect

Overview urllib3 is a HTTP library with thread-safe connection pooling, file post, and more. Affected versions of this package are vulnerable to Open Redirect due to the retries parameter being ignored during PoolManager instantiation. An attacker can access unintended resources or endpoints by...

CVSS 6.1 · AI score 6.8 · EPSS 0.00079
Exploits 1 · References 2

Positive Technologies
added 2023/05/12 12:0 a.m. · 2 views

PT-2023-23858 · Trend Micro · Trend Micro Mobile Security

Name of the Vulnerable Software and Affected Versions: Trend Micro Mobile Security Enterprise version 9.8 SP5 Description: The issue allows a remote attacker to execute arbitrary code on affected installations. To exploit this, an attacker must first obtain the ability to execute low-privileged...

CVSS 8.8 · AI score 8.8 · EPSS 0.0455
Exploits 0 · References 10

SUSE CVE
added 2023/02/15 5:39 a.m. · 1 views

SUSE CVE-2013-1962

The remoteDispatchStoragePoolListAllVolumes function in the storage pool manager in libvirt 1.0.5 allows remote attackers to cause a denial of service file descriptor consumption via a large number of requests "to list all volumes for the particular pool."...

CVSS 5 · AI score 6.8 · EPSS 0.03779
Exploits 0 · References 3

Code423n4
added 2021/12/22 12:0 a.m. · 10 views

Pool Manager can frontrun fees to 100% and use it to steal the value from users

Handle pedroais Vulnerability details Impact Pool Manager can front-run entry fee to 100% and users could lose all their deposits Proof of Concept Considering : The pool manager is the creator of the pool Anyone can create a pool Manager is not a trusted actor Anyone can create a pool and get...

AI score 6.7
Exploits 0

Code423n4
added 2021/10/06 12:0 a.m. · 10 views

ConcentratedLiquidityPoolManager: reclaimIncentive() does not decrement rewardsUnclaimed

Handle hickuphh3 Vulnerability details Impact reclaimIncentive withdraws any unclaimed rewards to the incentive owner. While there is a check to prevent re-claiming of rewards requireincentive.rewardsUnclaimed = amount, "ALREADYCLAIMED"; it is ineffective because incentive.rewardsUnclaimed is not...

AI score 6.9
Exploits 0

NVD
added 2014/05/13 2:55 p.m. · 6 views

CVE-2011-4970

Multiple SQL injection vulnerabilities in LCG Disk Pool Manager DPM before 1.8.6, as used in EGI UDM, allow remote attackers to execute arbitrary SQL commands via the 1 rtoken variable in the dpmgetpendingreqbytoken, 2 dpmgetcprbyfullid, 3 dpmgetcprbysurl, 4 dpmgetcprbysurls, 5 dpmgetgfrbyfullid,...

CVSS 7.5 · AI score 8.5 · EPSS 0.00605
Exploits 1 · References 6

OSV
added 2014/05/13 2:55 p.m. · 0 views

UBUNTU-CVE-2011-4970

Multiple SQL injection vulnerabilities in LCG Disk Pool Manager DPM before 1.8.6, as used in EGI UDM, allow remote attackers to execute arbitrary SQL commands via the 1 rtoken variable in the dpmgetpendingreqbytoken, 2 dpmgetcprbyfullid, 3 dpmgetcprbysurl, 4 dpmgetcprbysurls, 5 dpmgetgfrbyfullid,...

CVSS 7.5 · AI score 6.2 · EPSS 0.00605
Exploits 1 · References 3

Prion
added 2014/05/13 2:55 p.m. · 7 views

Sql injection

Multiple SQL injection vulnerabilities in LCG Disk Pool Manager DPM before 1.8.6, as used in EGI UDM, allow remote attackers to execute arbitrary SQL commands via the 1 rtoken variable in the dpmgetpendingreqbytoken, 2 dpmgetcprbyfullid, 3 dpmgetcprbysurl, 4 dpmgetcprbysurls, 5 dpmgetgfrbyfullid,...

CVSS 7.5 · AI score 9.2 · EPSS 0.00605
Exploits 1 · References 6 · Affected Software 1

CVE
added 2014/05/13 2:0 p.m. · 36 views

CVE-2011-4970

Multiple SQL injection vulnerabilities affect LCG Disk Pool Manager (DPM) before 1.8.6, as used in EGI UDM. The issues enable remote attackers to execute arbitrary SQL commands via numerous parameters (e.g., dpm_get_pending_req_by_token, dpm_get_cpr_by_fullid, dpm_insert_cpr_entry, dpm_update_spc...

CVSS 7.5 · AI score 8.8 · EPSS 0.00605
Exploits 1 · References 6 · Affected Software 1

Cvelist
added 2014/05/13 2:0 p.m. · 12 views

CVE-2011-4970

Multiple SQL injection vulnerabilities in LCG Disk Pool Manager DPM before 1.8.6, as used in EGI UDM, allow remote attackers to execute arbitrary SQL commands via the 1 rtoken variable in the dpmgetpendingreqbytoken, 2 dpmgetcprbyfullid, 3 dpmgetcprbysurl, 4 dpmgetcprbysurls, 5 dpmgetgfrbyfullid,...

AI score 8.4 · EPSS 0.00605
Exploits 1 · References 6