Lucene search
K

8 matches found

Positive Technologies
Positive Technologies
added 2026/05/11 12:0 a.m.9 views

PT-2026-39665

Name of the Vulnerable Software and Affected Versions urllib3 versions 1.23 through 2.6.x Description Sensitive headers, specifically Authorization, Cookie, and Proxy-Authorization, are forwarded during cross-origin redirects when using the low-level API via ProxyManager.connection from...

8.2CVSS5.8AI score0.00527EPSS
Exploits0References370
Tenable Nessus
Tenable Nessus
added 2026/03/06 12:0 a.m.8 views

MiracleLinux 8 : resource-agents-4.9.0-54.el8_10.29 (AXBA:2026-270:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXBA:2026-270:01 advisory. - urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content ...

8.9CVSS5.9AI score0.02667EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/27 3:40 p.m.5 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a Data Amplification in urllib3 [ CVE-2026-21441]

Summary IBM Watson Speech Services Cartridge is vulnerable to a Data Amplification in urllib3, due to a flaw that library reads the entire response body to drain the connection and decompress the content unnecessarily, rather than decompressing only the necessary bytes as expected CVE-2026-21441...

8.9CVSS5.9AI score0.02667EPSS
Exploits0Affected Software1
RedHat Linux
RedHat Linux
added 2026/01/28 11:24 a.m.11 views

urllib3: urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API)

urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression based on the HTTP...

8.9CVSS5.8AI score0.02667EPSS
Exploits0References6
OSV
OSV
added 2026/01/07 10:15 p.m.9 views

AZL-74153 CVE-2026-21441 affecting package tensorflow for versions less than 2.16.1-10

urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression based on the HTTP...

8.9CVSS6.7AI score0.02667EPSS
Exploits0References1
OSV
OSV
added 2026/01/07 10:15 p.m.2 views

ALPINE-CVE-2026-21441

urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression based on the HTTP...

7.5CVSS5.6AI score0.02667EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/07 10:9 p.m.8 views

CVE-2026-21441 urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API)

urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression based on the HTTP...

8.9CVSS6.1AI score0.02667EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/01/07 7:18 p.m.13 views

Decompression-bomb safeguards bypassed when following HTTP redirects (streaming API)

Impact urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression based on the HTTP Content-Encoding header e.g., gzip,...

8.9CVSS6.5AI score0.02667EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder