Lucene search
K
PythonUrllib3

7 matches found

CVE
CVE
added 2020/09/29 12:0 a.m.907 views

CVE-2020-26137

CVE-2020-26137 pertains to Python’s urllib3 and is explicitly described as a CRLF injection vulnerability in the HTTP request handling of urllib3/http.client. The connected advisories show affected package and version details: python-urllib3 1.24.2-2 (CBLMariner entry) and a recommended upgrade t...

6.5CVSS7.2AI score0.02269EPSS
CVE
CVE
added 2019/04/15 12:0 a.m.783 views

CVE-2019-11236

The CVE-2019-11236 entry affects Python’s urllib3 up to version 1.24.1, where an attacker controlling a request parameter can trigger CRLF injection. Multiple connected advisories corroborate this issue and cite potential header/credential exposure risks in cross-origin redirects or crafted reque...

6.1CVSS7.2AI score0.02056EPSS
CVE
CVE
added 2024/06/17 7:18 p.m.534 views

CVE-2024-37891

CVE-2024-37891 affects urllib3 (Python HTTP client) across multiple distributions (e.g., python3-urllib3, python3.13-pip, python-pip, etc.). The issue: when not using urllib3’s ProxyManager proxy support, a configured Proxy-Authorization header could be sent, and urllib3 may not strip it on cross...

6.5CVSS5.8AI score0.01141EPSS
CVE
CVE
added 2023/10/15 12:0 a.m.267 views

CVE-2018-25091

CVE-2018-25091 affects the urllib3 library (before 1.24.2). When following cross-origin redirects, urllib3 may not remove the Authorization header, allowing credentials to be exposed to unintended hosts or transmitted in cleartext. This is noted as a follow-on from an incomplete fix for CVE-2018-...

6.1CVSS7.1AI score0.00512EPSS
CVE
CVE
added 2025/06/19 1:8 a.m.232 views

CVE-2025-50181

CVE-2025-50181 affects python-urllib3 and was fixed in urllib3 2.5.0. Several connected advisories confirm vulnerable versions are older releases (e.g., python-urllib3

6.1CVSS5.4AI score0.00409EPSS
CVE
CVE
added 2021/03/15 12:0 a.m.213 views

CVE-2021-28363

CVE-2021-28363 affects urllib3 for Python: versions 1.26.x before 1.26.4 omit SSL certificate validation when connecting HTTPS to HTTPS proxies, potentially enabling MITM via proxy hostname mismatch. Impact is partial confidentiality. Remediation: upgrade urllib3 to 1.26.4 or later (patched versi...

6.5CVSS6.4AI score0.02109EPSS
CVE
CVE
added 2025/06/19 1:42 a.m.166 views

CVE-2025-50182

CVE-2025-50182 : Affects urllib3 (Python HTTP client). The issue is that prior to 2.5.0, when urllib3 is used in environments like Pyodide (Python in a browser/Node via Fetch/XMLHttpRequest), redirects are not controlled; Pyodide determines redirect behavior, and retries/redirect params are ignor...

6.1CVSS5.1AI score0.0032EPSS