44 matches found

AstraLinux
added 2026/06/19 11:10 a.m., 7 views

Astra Linux – Vulnerability in python-urllib3

urllib3 is a user-friendly HTTP client library for Python. urllib3 does not treat the Cookie HTTP header specially or provide any helpers for managing cookies over HTTP; that responsibility lies with the user. However, it is possible for a user to specify a Cookie header, and information may be...

8.1 CVSS, 6.5 AI score, 0.01207 EPSS
Exploits 0, References 2
RedHat Linux
added 2026/05/19 6:30 p.m., 13 views

cpython: Incomplete control character validation in http.cookies

A control character validation flaw has been discovered in the Python http.cookies module. The Morsel.update, |= operator, and unpickling paths were not patched to resolve CVE-2026-0672, allowing control characters to bypass input validation. Additionally, BaseCookie.js_output lacked the output...

7.5 CVSS, 7.2 AI score, 0.00392 EPSS
Exploits 0, References 8
OSV
added 2026/05/15 2:0 p.m., 8 views

OESA-2026-2299 python-urllib3 security update

HTTP library with thread-safe connection pooling, file post support, sanity friendly, and more. Security Fixes: urllib3 is an HTTP client library for Python. From 1.23 to before 2.7.0, cross-origin redirects followed from the low-level API via ProxyManager.connection_from_url.urlopen...,...

8.2 CVSS, 5.8 AI score, 0.00527 EPSS
Exploits 0, References 2
IBM Security Bulletins
added 2026/04/10 2:21 p.m., 3 views

Security Bulletin: Vulnerabilities in urllib3, router, qs, cryptography, axios might affect IBM Storage Defender Sentinel Anomaly Scan Engine.

Summary IBM Storage Defender Sentinel Anomaly Scan Engine can be affected by vulnerabilities in urllib3, router, qs, cryptography, and axios. Vulnerabilities include allowing an attacker to cause cross-site scripting, input improper data, provide a public key point from a small order subgroup, an...

8.9 CVSS, 7.2 AI score, 0.02667 EPSS
Exploits 1, Affected Software 1
CNNVD
added 2026/04/06 12:0 a.m., 15 views

curl_cffi code issue vulnerability

curl_cffi is a Python HTTP client library developed by the individual developer Lexiforest that supports browser fingerprint simulation. Versions of curl_cffi prior to 0.15.0 have code vulnerabilities. These vulnerabilities stem from the lack of restrictions on requests directed to internal IP ranges,...

8.6 CVSS, 5.9 AI score, 0.00463 EPSS
Exploits 1, References 1
IBM Security Bulletins
added 2026/03/18 4:8 p.m., 4 views

Security Bulletin: IBM Sterling Control Center is affected by vulnerabilities in urllib3 (CVE-2026-21441, CVE-2025-66471)

Summary: IBM Sterling Control Center is affected by the vulnerabilities CVE-2026-21441 and CVE-2025-66471 reported for urllib3. Vulnerability Details: CVEID: CVE-2026-21441. DESCRIPTION: urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTT...

8.9 CVSS, 6.8 AI score, 0.02667 EPSS
Exploits 0, Affected Software 1
OSV
added 2026/01/30 12:27 p.m., 4 views

OESA-2026-1251 python-urllib3 security update

HTTP library with thread-safe connection pooling, file post support, sanity friendly, and more. Security Fixes: urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the decompression chain was unbounded allowing a malicious...

8.9 CVSS, 6.1 AI score, 0.00622 EPSS
Exploits 0, References 3
Positive Technologies
added 2026/01/07 12:0 a.m., 5 views

PT-2026-2060

Name of the Vulnerable Software and Affected Versions: urllib3 versions 1.22 through 2.6.2. Description: urllib3 is a Python HTTP client library. Its streaming API is designed for efficient handling of large HTTP responses by reading content in chunks. The library decompresses content based on the...

8.9 CVSS, 6.5 AI score, 0.02667 EPSS
Exploits 0, References 165
Tenable Nessus
added 2026/01/06 12:0 a.m., 5 views

Linux Distros Unpatched Vulnerability : CVE-2025-69224

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below of the Python HTTP parser may allow a request smugglin...

6.5 CVSS, 7.3 AI score, 0.00213 EPSS
Exploits 0, References 3
IBM Security Bulletins
added 2025/12/17 1:46 p.m., 6 views

Security Bulletin: Vulnerability in urllib3 affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0) [CVE-2023-43804, CVE-2023-45803]

Summary: The urllib3 package is used by IBM Cloud Pak for Data System 2.0. IBM Cloud Pak for Data System 2.0 has addressed the applicable CVEs CVE-2023-43804, CVE-2023-45803. Vulnerability Details: CVEID: CVE-2023-43804. DESCRIPTION: urllib3 is a user-friendly HTTP client library for Python. urllib3...

8.1 CVSS, 6.8 AI score, 0.01207 EPSS
Exploits 0, Affected Software 1
EUVD
added 2025/12/05 4:6 p.m., 4 views

EUVD-2025-201419

urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.0 and prior to 2.6.0, the Streaming API improperly handles highly compressed data. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than...

8.9 CVSS, 6.3 AI score, 0.00622 EPSS
Exploits 0, References 3
RedhatCVE
added 2025/12/02 6:53 p.m., 5 views

CVE-2025-13836

A flaw was found in the http.client module in the Python standard library. When reading an HTTP response from a server, if no read amount is specified, the default behavior will be to use Content-Length. This issue allows a malicious server to cause the client to read large amounts of data into...

9.1 CVSS, 6.8 AI score, 0.01525 EPSS
Exploits 0, References 5
Tenable Nessus
added 2025/11/13 12:0 a.m., 6 views

Siemens SIMATIC S7-1500 URL Redirection to Untrusted Site (CVE-2021-28861)

Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple / at the beginning of URI path, which may lead to information disclosure. NOTE: this is disputed by a third party because the http.server.html documentation page states Warnin...

7.4 CVSS, 6.7 AI score, 0.0199 EPSS
Exploits 0, References 4
IBM Security Bulletins
added 2025/10/29 10:41 a.m., 6 views

Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in python3-pip-wheel python3.12-pip python3.12-pip-wheel urllib3

Summary: Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in python3-pip-wheel python3.12-pip python3.12-pip-wheel urllib3. Vulnerability Details: CVEID: CVE-2025-50182. DESCRIPTION: urllib3 is a user-friendly HTTP client library for Python. Starting in version...

6.1 CVSS, 6 AI score, 0.00313 EPSS
Exploits 0, Affected Software 1
Microsoft CVE
added 2025/09/03 11:12 p.m., 4 views

aiohttp's HTTP parser (the python one, not llhttp) still overly lenient about separators

...

6.5 CVSS, 7 AI score, 0.0102 EPSS
Exploits 1
OSV
added 2025/06/19 1:42 a.m., 6 views

CVE-2025-50182 urllib3 does not control redirects in browsers and Node.js

urllib3 is a user-friendly HTTP client library for Python. Starting in version 2.2.0 and prior to 2.5.0, urllib3 does not control redirects in browsers and Node.js. urllib3 supports being used in a Pyodide runtime utilizing the JavaScript Fetch API or falling back on XMLHttpRequest. This means...

5.3 CVSS, 6.2 AI score, 0.00313 EPSS
Exploits 0, References 5
Rockylinux
added 2025/05/07 7:11 p.m., 13 views

python-urllib3 security update

An update is available for python-urllib3. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The python-urllib3 package provides the Python HTTP module with...

6.5 CVSS, 5.6 AI score, 0.01141 EPSS
Exploits 1
OSV
added 2025/01/16 7:24 a.m., 14 views

BIT-PYTHON-MIN-2020-26116

http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request...

7.2 CVSS, 8.3 AI score, 0.0642 EPSS
Exploits 1, References 15
OpenVAS
added 2025/01/14 12:0 a.m., 6 views

Huawei EulerOS: Security Advisory for python-urllib3 (EulerOS-SA-2025-1045)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.5 CVSS, 7.7 AI score, 0.01141 EPSS
Exploits 1, References 2
AlmaLinux
added 2024/11/05 12:0 a.m., 18 views

Moderate: python3.11-urllib3 security update

The python-urllib3 package provides the Python HTTP module with connection pooling and file POST abilities. Security Fixes: urllib3: proxy-authorization request header is not stripped during cross-origin redirects (CVE-2024-37891). For more details about the security issues, including the impact, a...

6.5 CVSS, 5.1 AI score, 0.01141 EPSS
Exploits 1, References 4