urllib3: urllib3: Denial of Service due to excessive HTTP response decompression
A flaw was found in urllib3, an HTTP client library for Python. This vulnerability allows a remote attacker to cause excessive resource consumption, such as high CPU usage and massive memory allocation, on the client side. This occurs when urllib3 attempts to decompress an entire HTTP response,...
urllib3: urllib3: Information disclosure via cross-origin redirects forwarding sensitive headers
A flaw was found in urllib3, an HTTP client library for Python. When using the low-level API via ProxyManager.connection_from_url.urlopen with assert_same_host=False, cross-origin redirects can still forward sensitive headers. This could allow a remote attacker to gain unauthorized access to sensitiv...
Important: Red Hat Security Advisory: python3.14-urllib3 security update
An update for python3.14-urllib3 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
urllib3: urllib3: Denial of Service due to excessive HTTP response decompression
A flaw was found in urllib3, an HTTP client library for Python. This vulnerability allows a remote attacker to cause excessive resource consumption, such as high CPU usage and massive memory allocation, on the client side. This occurs when urllib3 attempts to decompress an entire HTTP response,...
urllib3: urllib3: Information disclosure via cross-origin redirects forwarding sensitive headers
A flaw was found in urllib3, an HTTP client library for Python. When using the low-level API via ProxyManager.connection_from_url.urlopen with assert_same_host=False, cross-origin redirects can still forward sensitive headers. This could allow a remote attacker to gain unauthorized access to sensitiv...
Important: Red Hat Security Advisory: python3.12-urllib3 security update
An update for python3.12-urllib3 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
urllib3: urllib3: Denial of Service due to excessive HTTP response decompression
A flaw was found in urllib3, an HTTP client library for Python. This vulnerability allows a remote attacker to cause excessive resource consumption, such as high CPU usage and massive memory allocation, on the client side. This occurs when urllib3 attempts to decompress an entire HTTP response,...
urllib3: urllib3: Information disclosure via cross-origin redirects forwarding sensitive headers
A flaw was found in urllib3, an HTTP client library for Python. When using the low-level API via ProxyManager.connection_from_url.urlopen with assert_same_host=False, cross-origin redirects can still forward sensitive headers. This could allow a remote attacker to gain unauthorized access to sensitiv...
Important: Red Hat Security Advisory: python-urllib3 security update
An update for python-urllib3 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability...
ROOT-APP-PYPI-CVE-2023-45803 CVE-2023-45803 in rootio-urllib3 - Patched by Root
Root has patched CVE-2023-45803 in the rootio-urllib3 package for Root:PyPI. Multiple fixed versions available...
ROOT-APP-PYPI-CVE-2023-43804 CVE-2023-43804 in rootio-urllib3 - Patched by Root
Root has patched CVE-2023-43804 in the rootio-urllib3 package for Root:PyPI. Multiple fixed versions available...
ROOT-APP-PYPI-CVE-2025-50181 CVE-2025-50181 in rootio-urllib3 - Patched by Root
Root has patched CVE-2025-50181 in the rootio-urllib3 package for Root:PyPI. Multiple fixed versions available...
ROOT-APP-PYPI-CVE-2019-11324 CVE-2019-11324 in rootio-urllib3 - Patched by Root
Root has patched CVE-2019-11324 in the rootio-urllib3 package for Root:PyPI. Multiple fixed versions available...
ROOT-APP-PYPI-CVE-2018-25091 CVE-2018-25091 in rootio-urllib3 - Patched by Root
Root has patched CVE-2018-25091 in the rootio-urllib3 package for Root:PyPI. Multiple fixed versions available...
ROOT-APP-PYPI-CVE-2024-37891 CVE-2024-37891 in rootio-urllib3 - Patched by Root
Root has patched CVE-2024-37891 in the rootio-urllib3 package for Root:PyPI. Multiple fixed versions available...
ROOT-APP-PYPI-CVE-2025-66471 CVE-2025-66471 in rootio-urllib3 - Patched by Root
Root has patched CVE-2025-66471 in the rootio-urllib3 package for Root:PyPI. Multiple fixed versions available...
ROOT-APP-PYPI-CVE-2018-20060 CVE-2018-20060 in rootio-urllib3 - Patched by Root
Root has patched CVE-2018-20060 in the rootio-urllib3 package for Root:PyPI. Multiple fixed versions available...
ROOT-APP-PYPI-CVE-2020-26137 CVE-2020-26137 in rootio-urllib3 - Patched by Root
Root has patched CVE-2020-26137 in the rootio-urllib3 package for Root:PyPI. Multiple fixed versions available...
urllib3: urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API)
urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression based on the HTTP...
Important: Red Hat Security Advisory: Red Hat OpenStack Platform 17.1 (python-urllib3) security update
An update for python-urllib3 is now available for Red Hat OpenStack Platform 17.1 (Wallaby). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...