Search CVE reports
1 – 10 of 17 results
urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.0 and prior to 2.6.0, the Streaming API improperly handles highly compressed data. urllib3's streaming API is designed for the efficient handling of...
2 affected packages
python-urllib3, python-pip
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| python-urllib3 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| python-pip | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the decompression chain was unbounded allowing a malicious server to insert a virtually unlimited...
2 affected packages
python-urllib3, python-pip
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| python-urllib3 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| python-pip | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
urllib3 is a user-friendly HTTP client library for Python. Starting in version 2.2.0 and prior to 2.5.0, urllib3 does not control redirects in browsers and Node.js. urllib3 supports being used in a Pyodide runtime utilizing the...
2 affected packages
python-pip, python-urllib3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| python-pip | Not affected | Not affected | Not affected | Not affected |
| python-urllib3 | Not affected | Not affected | Not affected | Not affected |
urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, it is possible to disable redirects for all requests by instantiating a PoolManager and specifying retries in a way that disable redirects. By default,...
2 affected packages
python-pip, python-urllib3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| python-pip | Fixed | Fixed | Not affected | Not affected |
| python-urllib3 | Fixed | Fixed | Fixed | Fixed |
Some fixes available 12 of 16
urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with `ProxyManager`, the `Proxy-Authorization` header is only sent to the configured proxy, as expected. However, when sending HTTP...
2 affected packages
python-pip, python-urllib3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| python-pip | Fixed | Fixed | Fixed | Fixed |
| python-urllib3 | Fixed | Fixed | Fixed | Fixed |
Some fixes available 13 of 16
urllib3 is a user-friendly HTTP client library for Python. urllib3 previously wouldn't remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303 after the request had its method changed from one...
2 affected packages
python-pip, python-urllib3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| python-pip | Fixed | Fixed | Fixed | Fixed |
| python-urllib3 | Not affected | Fixed | Fixed | Fixed |
Some fixes available 4 of 7
urllib3 before 1.24.2 does not remove the authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the authorization header to be...
2 affected packages
python-urllib3, python-pip
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| python-urllib3 | Not affected | Not affected | Not affected | Fixed |
| python-pip | Not affected | Not affected | Not affected | Fixed |
Some fixes available 12 of 15
urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the `Cookie` HTTP header special or provide any helpers for managing cookies over HTTP, that is the responsibility of the user. However, it...
2 affected packages
python-urllib3, python-pip
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| python-urllib3 | Not affected | Fixed | Fixed | Fixed |
| python-pip | Not affected | Fixed | Fixed | Fixed |
Some fixes available 2 of 6
An issue was discovered in urllib3 before 1.26.5. When provided with a URL containing many @ characters in the authority component, the authority regular expression exhibits catastrophic backtracking, causing a denial of service...
2 affected packages
python-urllib3, python-pip
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| python-urllib3 | — | Not affected | Fixed | Not affected |
| python-pip | — | Not affected | Fixed | Not affected |
The urllib3 library 1.26.x before 1.26.4 for Python omits SSL certificate validation in some cases involving HTTPS to HTTPS proxies. The initial connection to the HTTPS proxy (if an SSLContext isn't given via proxy_config) doesn't...
2 affected packages
python-urllib3, python-pip
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| python-urllib3 | — | — | Not affected | Not affected |
| python-pip | — | — | Not affected | Not affected |