2 matches found
CVE-2021-33503
CVE-2021-33503 affects urllib3 prior to 1.26.5, where the authority component regex can catastrophically backtrack on URLs containing many @ characters, leading to denial of service via parameters or redirects. Several connected sources note a patched version is available (e.g., python-urllib3 up...
CVE-2021-28363
CVE-2021-28363 affects urllib3 for Python: versions 1.26.x before 1.26.4 omit SSL certificate validation when connecting HTTPS to HTTPS proxies, potentially enabling MITM via proxy hostname mismatch. Impact is partial confidentiality. Remediation: upgrade urllib3 to 1.26.4 or later (patched versi...