3 matches found
CVE-2021-33503
CVE-2021-33503 affects urllib3 prior to 1.26.5, where the authority component regex can catastrophically backtrack on URLs containing many @ characters, leading to denial of service via parameters or redirects. Several connected sources note a patched version is available (e.g., python-urllib3 up...
CVE-2019-11324
The issue CVE-2019-11324 affects the Python urllib3 library prior to 1.24.2, where SSL verification can be bypassed when the SSLContext, ca_certs, or ca_certs_dir arguments differ from the OS CA store, causing TLS handshakes to succeed when they should fail. This is related to how system vs manua...
CVE-2020-7212
CVE-2020-7212 concerns urllib3 for Python (versions 1.25.2–1.25.7) with a Denial of Service risk caused by the _encode_invalid_chars implementation in util/url.py. The issue arises from an inefficient algorithm where the percent_encodings collection can grow O(N) for a URL of length N, and the su...