UBUNTU-CVE-2026-48522

PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, PyJWKClient passes its uri argument directly to urllib.request.urlopen which uses Python stdlib's default OpenerDirector registering HTTPHandler, HTTPSHandler, FTPHandler, FileHandler, and DataHandler. There is currently no...

CVE-2025-66471 vulnerabilities

Vulnerabilities for packages: kubeflow-katib, jwt-tool, datadog-agent, py3-pip, py3-urllib3, dask-kubernetes, open-webui, jupyter-base-notebook, tensorflow-cpu-jupyter, py3-cassandra-medusa, airflow, kubeflow-volumes-web-app, py3-pipenv, confluent-docker-utils,...

EUVD-2019-19302

Malware in sbrugna...

EUVD-2011-1522

Malware in sbrugna...

F5 Networks BIG-IP : Python urllib vulnerability (K000153042)

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.5.1.1. It is, therefore, affected by a vulnerability as referenced in the K000153042 advisory. An issue was discovered in urllib2 in Python 2.x through 2.7.17 and urllib in Python 3.x through 3.8.0. CRLF injection is...

F5 Networks BIG-IP : Python urllib vulnerability (K000153040)

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.5.1. It is, therefore, affected by a vulnerability as referenced in the K000153040 advisory. An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is...

K000153040: Python urllib vulnerability CVE-2019-9740

Security Advisory Description An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n specifically in the...

BIT-LIBPYTHON-2025-0938 URL parser allowed square brackets in domain names

The Python standard library functions urllib.parse.urlsplit and urlparse accepted domain names that included square brackets which isn't valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This could result in...

K000151516: Python urllib vulnerability CVE-2019-9947

Security Advisory Description An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n specifically in the...

F5 Networks BIG-IP : Python urllib vulnerability (K000151516)

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3 / 17.5.1. It is, therefore, affected by a vulnerability as referenced in the K000151516 advisory. An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injectio...

DEBIAN-CVE-2023-24329

An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters...

SUSE CVE-2011-1521

The urllib and urllib2 modules in Python 2.x before 2.7.2 and 3.x before 3.2.1 process Location headers that specify redirection to file: URLs, which makes it easier for remote attackers to obtain sensitive information or cause a denial of service resource consumption via a crafted URL, as...

SUSE CVE-2019-9740

An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n specifically in the query string after a ? charact...

SUSE CVE-2019-9947

An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n specifically in the path component of a URL that...

SUSE CVE-2019-9948

urllib in Python 2.x through 2.7.16 supports the localfile: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen'localfile:///etc/passwd' call...

new packages: python-urllib-gssapi

An update is available for python-urllib-gssapi. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Roc...

python: urllib: Regular expression DoS in AbstractBasicAuthHandler

There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client such as web browser connects to, could trigger a Regular Expression Denial of Service ReDOS during an authentication request with a specially crafted payload that is sen...

USN-5201-1: Python vulnerabilities

It was discovered that the Python urllib http client could enter into an infinite loop when incorrectly handling certain server responses 100 Continue response. Specially crafted traffic from a malicious HTTP server could cause a denial of service Dos condition for a client...

USN-5201-1 python3.8, python3.9 vulnerabilities

It was discovered that the Python urllib http client could enter into an infinite loop when incorrectly handling certain server responses 100 Continue response. Specially crafted traffic from a malicious HTTP server could cause a denial of service Dos condition for a client...

Python 资源管理错误漏洞

Python is an open source, object-oriented programming language from the Python Foundation. The language is extensible, supports modules and packages, and supports multiple platforms. A resource management error vulnerability exists in the AbstractBasicAuthHandler class of python urllib, which ste...