3 matches found
CVE-2026-21441
CVE-2026-21441 (urllib3) : The issue occurs in urllib3’s streaming API where, for HTTP redirect responses, the client decompresses the entire response body even before any reads are issued, enabling potential resource exhaustion (CPU/memory) via decompression bombs. Affected versions are prior to...
CVE-2026-44432
CVE-2026-44432 affects urllib3 before 2.7.0, where the library could decompress the entire response during HTTPResponse.read or drain_conn, leading to high CPU and memory usage when handling highly compressed data. Affected versions: 2.6.0 up to (but not including) 2.7.0. Impact described as pote...
CVE-2026-44431
CVE-2026-44431 affects urllib3 (Python HTTP client). From versions 1.23 up to, but not including, 2.7.0, cross-origin redirects followed by the low‑level API via ProxyManager.connection_from_url().urlopen(..., assert_same_host=False) still forward sensitive headers. This constitutes a leakage of ...