Lucene search
K
PythonUrllib3

6 matches found

CVE
CVE
added 2023/10/04 4:1 p.m.922 views

CVE-2023-43804

CVE-2023-43804 affects the Python urllib3 library, where a Cookie header may be leaked across cross-origin redirects if redirects are not disabled. The issue is resolved in urllib3 1.26.17 or 2.0.5. Affected environments are confirmed in multiple reports, including AlmaLinux and Brocade advisorie...

8.1CVSS8AI score0.01207EPSS
CVE
CVE
added 2026/01/07 10:9 p.m.133 views

CVE-2026-21441

CVE-2026-21441 (urllib3) : The issue occurs in urllib3’s streaming API where, for HTTP redirect responses, the client decompresses the entire response body even before any reads are issued, enabling potential resource exhaustion (CPU/memory) via decompression bombs. Affected versions are prior to...

8.9CVSS6.1AI score0.02667EPSS
CVE
CVE
added 2026/05/13 3:17 p.m.101 views

CVE-2026-44432

CVE-2026-44432 affects urllib3 before 2.7.0, where the library could decompress the entire response during HTTPResponse.read or drain_conn, leading to high CPU and memory usage when handling highly compressed data. Affected versions: 2.6.0 up to (but not including) 2.7.0. Impact described as pote...

8.9CVSS5.8AI score0.0068EPSS
CVE
CVE
added 2026/05/13 3:20 p.m.75 views

CVE-2026-44431

CVE-2026-44431 affects urllib3 (Python HTTP client). From versions 1.23 up to, but not including, 2.7.0, cross-origin redirects followed by the low‑level API via ProxyManager.connection_from_url().urlopen(..., assert_same_host=False) still forward sensitive headers. This constitutes a leakage of ...

8.2CVSS5.8AI score0.00527EPSS
CVE
CVE
added 2025/12/05 4:6 p.m.66 views

CVE-2025-66471

CVE-2025-66471 affects urllib3’s streaming API handling of compressed HTTP responses in Python. The issue arises when streaming a highly compressed payload, where decompression could process data in a way that uses excessive CPU and memory, potentially from the decompression buffer behavior noted...

8.9CVSS6.4AI score0.00633EPSS
CVE
CVE
added 2025/12/05 4:2 p.m.47 views

CVE-2025-66418

The connected advisories confirm CVE-2025-66418 affects urllib3 (Python) via an unbounded decompression chain in versions 1.24 up to before 2.6.0, enabling high CPU and memory usage; remediation is to upgrade to 2.6.0 or later. Additional advisories note related issues: CVE-2025-66471 (Streaming ...

8.9CVSS6.3AI score0.00633EPSS