2 matches found
CVE-2019-11236
The CVE-2019-11236 entry affects Python’s urllib3 up to version 1.24.1, where an attacker controlling a request parameter can trigger CRLF injection. Multiple connected advisories corroborate this issue and cite potential header/credential exposure risks in cross-origin redirects or crafted reque...
CVE-2019-11324
The issue CVE-2019-11324 affects the Python urllib3 library prior to 1.24.2, where SSL verification can be bypassed when the SSLContext, ca_certs, or ca_certs_dir arguments differ from the OS CA store, causing TLS handshakes to succeed when they should fail. This is related to how system vs manua...