Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/urllib3@1.25.3

Type pypi

Namespace

Name urllib3

Version 1.25.3

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 2.7.0

Latest_non_vulnerable_version 2.7.0

Affected_by_vulnerabilities

url VCID-21kr-1hbf-rfag

vulnerability_id VCID-21kr-1hbf-rfag

summary urllib3 is a user-friendly HTTP client library for Python. urllib3 previously wouldn't remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303 after the request had its method changed from one that could accept a request body (like `POST`) to `GET` as is required by HTTP RFCs. Although this behavior is not specified in the section for redirects, it can be inferred by piecing together information from different sections and we have observed the behavior in other major HTTP client implementations like curl and web browsers. Because the vulnerability requires a previously trusted service to become compromised in order to have an impact on confidentiality we believe the exploitability of this vulnerability is low. Additionally, many users aren't putting sensitive data in HTTP request bodies, if this is the case then this vulnerability isn't exploitable. Both of the following conditions must be true to be affected by this vulnerability: 1. Using urllib3 and submitting sensitive information in the HTTP request body (such as form data or JSON) and 2. The origin service is compromised and starts redirecting using 301, 302, or 303 to a malicious peer or the redirected-to service becomes compromised. This issue has been addressed in versions 1.26.18 and 2.0.7 and users are advised to update to resolve this issue. Users unable to update should disable redirects for services that aren't expecting to respond with redirects with `redirects=False` and disable automatic redirects with `redirects=False` and handle 301, 302, and 303 redirects manually by stripping the HTTP request body.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45803.json

reference_id

reference_type

scores

value	4.2
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45803.json

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/urllib3/PYSEC-2023-212.yaml

reference_id

reference_type

scores

value	4.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N

value	5.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/urllib3/PYSEC-2023-212.yaml

reference_url

https://github.com/urllib3/urllib3

reference_id

reference_type

scores

value	4.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N

value	5.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/urllib3/urllib3

reference_url

https://github.com/urllib3/urllib3/commit/4e50fbc5db74e32cabd5ccc1ab81fc103adfe0b3

reference_id

reference_type

scores

value	4.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N

value	5.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/urllib3/urllib3/commit/4e50fbc5db74e32cabd5ccc1ab81fc103adfe0b3

reference_url

https://github.com/urllib3/urllib3/commit/4e98d57809dacab1cbe625fddeec1a290c478ea9

reference_id

reference_type

scores

value	4.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N

value	5.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/urllib3/urllib3/commit/4e98d57809dacab1cbe625fddeec1a290c478ea9

reference_url

https://github.com/urllib3/urllib3/commit/b594c5ceaca38e1ac215f916538fb128e3526a36

reference_id

reference_type

scores

value	4.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N

value	5.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/urllib3/urllib3/commit/b594c5ceaca38e1ac215f916538fb128e3526a36

reference_url

https://github.com/urllib3/urllib3/releases/tag/1.26.18

reference_id

reference_type

scores

value	4.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N

value	5.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/urllib3/urllib3/releases/tag/1.26.18

reference_url

https://github.com/urllib3/urllib3/releases/tag/2.0.7

reference_id

reference_type

scores

value	4.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N

value	5.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/urllib3/urllib3/releases/tag/2.0.7

reference_url

https://github.com/urllib3/urllib3/security/advisories/GHSA-g4mx-q9vg-27p4

reference_id

reference_type

scores

value	4.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N

value	5.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/urllib3/urllib3/security/advisories/GHSA-g4mx-q9vg-27p4

reference_url

https://lists.debian.org/debian-lts-announce/2024/12/msg00020.html

reference_id

reference_type

scores

value	4.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N

value	5.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2024/12/msg00020.html

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4R2Y5XK3WALSR3FNAGN7JBYV2B343ZKB

reference_id

reference_type

scores

value	4.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N

value	5.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4R2Y5XK3WALSR3FNAGN7JBYV2B343ZKB

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5F5CUBAN5XMEBVBZPHFITBLMJV5FIJJ5

reference_id

reference_type

scores

value	4.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N

value	5.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5F5CUBAN5XMEBVBZPHFITBLMJV5FIJJ5

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PPDPLM6UUMN55ESPQWJFLLIZY4ZKCNRX

reference_id

reference_type

scores

value	4.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N

value	5.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PPDPLM6UUMN55ESPQWJFLLIZY4ZKCNRX

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PPDPLM6UUMN55ESPQWJFLLIZY4ZKCNRX/

reference_id

reference_type

scores

value	4.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PPDPLM6UUMN55ESPQWJFLLIZY4ZKCNRX/

reference_url

https://www.rfc-editor.org/rfc/rfc9110.html#name-get

reference_id

reference_type

scores

value	4.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N

value	5.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.rfc-editor.org/rfc/rfc9110.html#name-get

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054226
reference_id	1054226
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054226

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2246840
reference_id	2246840
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2246840

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-45803

reference_id

CVE-2023-45803

reference_type

scores

value	4.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N

value	5.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-45803

reference_url	https://github.com/advisories/GHSA-g4mx-q9vg-27p4
reference_id	GHSA-g4mx-q9vg-27p4
reference_type
scores
url	https://github.com/advisories/GHSA-g4mx-q9vg-27p4

reference_url	https://access.redhat.com/errata/RHSA-2023:7851
reference_id	RHSA-2023:7851
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7851

reference_url	https://access.redhat.com/errata/RHSA-2024:0116
reference_id	RHSA-2024:0116
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0116

reference_url	https://access.redhat.com/errata/RHSA-2024:0300
reference_id	RHSA-2024:0300
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0300

reference_url	https://access.redhat.com/errata/RHSA-2024:0464
reference_id	RHSA-2024:0464
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0464

reference_url	https://access.redhat.com/errata/RHSA-2024:0588
reference_id	RHSA-2024:0588
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0588

reference_url	https://access.redhat.com/errata/RHSA-2024:11189
reference_id	RHSA-2024:11189
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:11189

reference_url	https://access.redhat.com/errata/RHSA-2024:11238
reference_id	RHSA-2024:11238
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:11238

reference_url	https://access.redhat.com/errata/RHSA-2024:1155
reference_id	RHSA-2024:1155
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1155

reference_url	https://access.redhat.com/errata/RHSA-2024:1383
reference_id	RHSA-2024:1383
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1383

reference_url	https://access.redhat.com/errata/RHSA-2024:2132
reference_id	RHSA-2024:2132
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2132

reference_url	https://access.redhat.com/errata/RHSA-2024:2734
reference_id	RHSA-2024:2734
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2734

reference_url	https://access.redhat.com/errata/RHSA-2024:2952
reference_id	RHSA-2024:2952
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2952

reference_url	https://access.redhat.com/errata/RHSA-2024:2968
reference_id	RHSA-2024:2968
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2968

reference_url	https://access.redhat.com/errata/RHSA-2024:2988
reference_id	RHSA-2024:2988
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2988

reference_url	https://access.redhat.com/errata/RHSA-2025:0078
reference_id	RHSA-2025:0078
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:0078

reference_url	https://access.redhat.com/errata/RHSA-2025:1793
reference_id	RHSA-2025:1793
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1793

reference_url	https://access.redhat.com/errata/RHSA-2025:1813
reference_id	RHSA-2025:1813
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1813

fixed_packages

url pkg:pypi/urllib3@1.26.18

purl pkg:pypi/urllib3@1.26.18

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ueb4-ur9q-u3e1

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/urllib3@1.26.18

url pkg:pypi/urllib3@2.0.7

purl pkg:pypi/urllib3@2.0.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ueb4-ur9q-u3e1

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/urllib3@2.0.7

aliases CVE-2023-45803, GHSA-g4mx-q9vg-27p4, PYSEC-2023-212

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-21kr-1hbf-rfag

url VCID-83up-c218-e7f3

vulnerability_id VCID-83up-c218-e7f3

summary denial of service

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-33503.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-33503.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-33503

reference_id

reference_type

scores

value	0.00863
scoring_system	epss
scoring_elements	0.75437
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-33503

reference_url	https://github.com/advisories/GHSA-q2q7-5pp4-w6pg
reference_id
reference_type
scores
url	https://github.com/advisories/GHSA-q2q7-5pp4-w6pg

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/urllib3/PYSEC-2021-108.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/urllib3/PYSEC-2021-108.yaml

reference_url

https://github.com/urllib3/urllib3

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/urllib3/urllib3

reference_url

https://github.com/urllib3/urllib3/commit/2d4a3fee6de2fa45eb82169361918f759269b4ec

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/urllib3/urllib3/commit/2d4a3fee6de2fa45eb82169361918f759269b4ec

reference_url

https://github.com/urllib3/urllib3/commit/5b047b645f5f93900d5e2fc31230848c25eb1f5f#diff-52026d639119bf1e0364836b4e8a18bd9ed3c95c6ba39b26534a5057a65e35bbR65

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/urllib3/urllib3/commit/5b047b645f5f93900d5e2fc31230848c25eb1f5f#diff-52026d639119bf1e0364836b4e8a18bd9ed3c95c6ba39b26534a5057a65e35bbR65

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6SCV7ZNAHS3E6PBFLJGENCDRDRWRZZ6W

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6SCV7ZNAHS3E6PBFLJGENCDRDRWRZZ6W

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FMUGWEAUYGGHTPPXT6YBD53WYXQGVV73

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FMUGWEAUYGGHTPPXT6YBD53WYXQGVV73

reference_url

https://security.gentoo.org/glsa/202107-36

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.gentoo.org/glsa/202107-36

reference_url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1968074
reference_id	1968074
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1968074

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989848
reference_id	989848
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989848

reference_url	https://security.archlinux.org/ASA-202106-25
reference_id	ASA-202106-25
reference_type
scores
url	https://security.archlinux.org/ASA-202106-25

reference_url

https://security.archlinux.org/AVG-2038

reference_id

AVG-2038

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-2038

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-33503

reference_id

CVE-2021-33503

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-33503

reference_url

https://github.com/urllib3/urllib3/security/advisories/GHSA-q2q7-5pp4-w6pg

reference_id

GHSA-q2q7-5pp4-w6pg

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/urllib3/urllib3/security/advisories/GHSA-q2q7-5pp4-w6pg

reference_url	https://access.redhat.com/errata/RHSA-2021:3473
reference_id	RHSA-2021:3473
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3473

reference_url	https://access.redhat.com/errata/RHSA-2021:4160
reference_id	RHSA-2021:4160
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4160

reference_url	https://access.redhat.com/errata/RHSA-2021:4162
reference_id	RHSA-2021:4162
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4162

reference_url	https://access.redhat.com/errata/RHSA-2021:4702
reference_id	RHSA-2021:4702
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4702

fixed_packages

url pkg:pypi/urllib3@1.26.5

purl pkg:pypi/urllib3@1.26.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-21kr-1hbf-rfag

vulnerability	VCID-ah3u-nfq4-dfg6

vulnerability	VCID-ueb4-ur9q-u3e1

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/urllib3@1.26.5

aliases CVE-2021-33503, GHSA-q2q7-5pp4-w6pg, PYSEC-2021-108

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-83up-c218-e7f3

url VCID-ah3u-nfq4-dfg6

vulnerability_id VCID-ah3u-nfq4-dfg6

summary urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the `Cookie` HTTP header special or provide any helpers for managing cookies over HTTP, that is the responsibility of the user. However, it is possible for a user to specify a `Cookie` header and unknowingly leak information via HTTP redirects to a different origin if that user doesn't disable redirects explicitly. This issue has been patched in urllib3 version 1.26.17 or 2.0.5.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-43804.json

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-43804.json

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/urllib3/PYSEC-2023-192.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N

value	7.4
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/urllib3/PYSEC-2023-192.yaml

reference_url

https://github.com/urllib3/urllib3

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N

value	7.4
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/urllib3/urllib3

reference_url

https://github.com/urllib3/urllib3/commit/01220354d389cd05474713f8c982d05c9b17aafb

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

value	7.4
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/urllib3/urllib3/commit/01220354d389cd05474713f8c982d05c9b17aafb

reference_url

https://github.com/urllib3/urllib3/commit/644124ecd0b6e417c527191f866daa05a5a2056d

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

value	7.4
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/urllib3/urllib3/commit/644124ecd0b6e417c527191f866daa05a5a2056d

reference_url

https://github.com/urllib3/urllib3/security/advisories/GHSA-v845-jxx5-vc9f

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

value	7.4
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/urllib3/urllib3/security/advisories/GHSA-v845-jxx5-vc9f

reference_url

https://lists.debian.org/debian-lts-announce/2023/10/msg00012.html

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

value	7.4
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2023/10/msg00012.html

reference_url

https://lists.debian.org/debian-lts-announce/2024/12/msg00020.html

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N

value	7.4
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2024/12/msg00020.html

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5F5CUBAN5XMEBVBZPHFITBLMJV5FIJJ5

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N

value	7.4
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5F5CUBAN5XMEBVBZPHFITBLMJV5FIJJ5

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I3PR7C6RJ6JUBQKIJ644DMIJSUP36VDY

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N

value	7.4
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I3PR7C6RJ6JUBQKIJ644DMIJSUP36VDY

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NDAGZXYJ7H2G3SB47M453VQVNAWKAEJJ

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N

value	7.4
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NDAGZXYJ7H2G3SB47M453VQVNAWKAEJJ

reference_url

https://security.netapp.com/advisory/ntap-20241213-0007

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N

value	7.4
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20241213-0007

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053626
reference_id	1053626
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053626

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2242493
reference_id	2242493
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2242493

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-43804

reference_id

CVE-2023-43804

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N

value	7.4
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-43804

reference_url

https://www.vicarius.io/vsociety/posts/cve-2023-43804-urllib3-vulnerability-3

reference_id

CVE-2023-43804-URLLIB3-VULNERABILITY-3

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N

value	7.4
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.vicarius.io/vsociety/posts/cve-2023-43804-urllib3-vulnerability-3

reference_url	https://github.com/advisories/GHSA-v845-jxx5-vc9f
reference_id	GHSA-v845-jxx5-vc9f
reference_type
scores
url	https://github.com/advisories/GHSA-v845-jxx5-vc9f

reference_url	https://access.redhat.com/errata/RHSA-2023:6158
reference_id	RHSA-2023:6158
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:6158

reference_url	https://access.redhat.com/errata/RHSA-2023:6812
reference_id	RHSA-2023:6812
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:6812

reference_url	https://access.redhat.com/errata/RHSA-2023:7378
reference_id	RHSA-2023:7378
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7378

reference_url	https://access.redhat.com/errata/RHSA-2023:7385
reference_id	RHSA-2023:7385
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7385

reference_url	https://access.redhat.com/errata/RHSA-2023:7407
reference_id	RHSA-2023:7407
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7407

reference_url	https://access.redhat.com/errata/RHSA-2023:7435
reference_id	RHSA-2023:7435
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7435

reference_url	https://access.redhat.com/errata/RHSA-2023:7523
reference_id	RHSA-2023:7523
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7523

reference_url	https://access.redhat.com/errata/RHSA-2023:7528
reference_id	RHSA-2023:7528
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7528

reference_url	https://access.redhat.com/errata/RHSA-2023:7753
reference_id	RHSA-2023:7753
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7753

reference_url	https://access.redhat.com/errata/RHSA-2024:0116
reference_id	RHSA-2024:0116
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0116

reference_url	https://access.redhat.com/errata/RHSA-2024:0133
reference_id	RHSA-2024:0133
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0133

reference_url	https://access.redhat.com/errata/RHSA-2024:0187
reference_id	RHSA-2024:0187
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0187

reference_url	https://access.redhat.com/errata/RHSA-2024:0300
reference_id	RHSA-2024:0300
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0300

reference_url	https://access.redhat.com/errata/RHSA-2024:0464
reference_id	RHSA-2024:0464
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0464

reference_url	https://access.redhat.com/errata/RHSA-2024:0588
reference_id	RHSA-2024:0588
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0588

reference_url	https://access.redhat.com/errata/RHSA-2024:1383
reference_id	RHSA-2024:1383
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1383

reference_url	https://access.redhat.com/errata/RHSA-2024:2159
reference_id	RHSA-2024:2159
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2159

reference_url	https://access.redhat.com/errata/RHSA-2024:2985
reference_id	RHSA-2024:2985
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2985

reference_url	https://access.redhat.com/errata/RHSA-2024:2986
reference_id	RHSA-2024:2986
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2986

reference_url	https://access.redhat.com/errata/RHSA-2024:2987
reference_id	RHSA-2024:2987
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2987

fixed_packages

url pkg:pypi/urllib3@1.26.17

purl pkg:pypi/urllib3@1.26.17

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-21kr-1hbf-rfag

vulnerability	VCID-ueb4-ur9q-u3e1

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/urllib3@1.26.17

url pkg:pypi/urllib3@2.0.6

purl pkg:pypi/urllib3@2.0.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-21kr-1hbf-rfag

vulnerability	VCID-ueb4-ur9q-u3e1

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/urllib3@2.0.6

aliases CVE-2023-43804, GHSA-v845-jxx5-vc9f, PYSEC-2023-192

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ah3u-nfq4-dfg6

url VCID-tdg6-yu7k-tfbe

vulnerability_id VCID-tdg6-yu7k-tfbe

summary The _encode_invalid_chars function in util/url.py in the urllib3 library 1.25.2 through 1.25.7 for Python allows a denial of service (CPU consumption) because of an inefficient algorithm. The percent_encodings array contains all matches of percent encodings. It is not deduplicated. For a URL of length N, the size of percent_encodings may be up to O(N). The next step (normalize existing percent-encoded bytes) also takes up to O(N) for each step, so the total time is O(N^2). If percent_encodings were deduplicated, the time to compute _encode_invalid_chars would be O(kN), where k is at most 484 ((10+6*2)^2).

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7212.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7212.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-7212

reference_id

reference_type

scores

value	0.01147
scoring_system	epss
scoring_elements	0.78805
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-7212

reference_url

https://github.com/advisories/GHSA-hmv2-79q8-fv6g

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-hmv2-79q8-fv6g

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/urllib3/PYSEC-2020-149.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/urllib3/PYSEC-2020-149.yaml

reference_url

https://github.com/urllib3/urllib3

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/urllib3/urllib3

reference_url

https://github.com/urllib3/urllib3/blob/master/CHANGES.rst

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/urllib3/urllib3/blob/master/CHANGES.rst

reference_url

https://github.com/urllib3/urllib3/commit/a74c9cfbaed9f811e7563cfc3dce894928e0221a

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/urllib3/urllib3/commit/a74c9cfbaed9f811e7563cfc3dce894928e0221a

reference_url

https://pypi.org/project/urllib3/1.25.8

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://pypi.org/project/urllib3/1.25.8

reference_url	https://pypi.org/project/urllib3/1.25.8/
reference_id
reference_type
scores
url	https://pypi.org/project/urllib3/1.25.8/

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1812095
reference_id	1812095
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1812095

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-7212

reference_id

CVE-2020-7212

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-7212

fixed_packages

url pkg:pypi/urllib3@1.25.8

purl pkg:pypi/urllib3@1.25.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-21kr-1hbf-rfag

vulnerability	VCID-83up-c218-e7f3

vulnerability	VCID-ah3u-nfq4-dfg6

vulnerability	VCID-ueb4-ur9q-u3e1

vulnerability	VCID-ymx9-acnn-dbcy

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/urllib3@1.25.8

aliases CVE-2020-7212, GHSA-hmv2-79q8-fv6g, PYSEC-2020-149

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tdg6-yu7k-tfbe

url VCID-ueb4-ur9q-u3e1

vulnerability_id VCID-ueb4-ur9q-u3e1

summary urllib3 is an HTTP client library for Python. From 1.23 to before 2.7.0, cross-origin redirects followed from the low-level API via ProxyManager.connection_from_url().urlopen(..., assert_same_host=False) still forward these sensitive headers. This vulnerability is fixed in 2.7.0.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-44431.json

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-44431.json

reference_url

https://github.com/urllib3/urllib3

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	8.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/urllib3/urllib3

reference_url

https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	8.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-44431

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	8.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-44431

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136653
reference_id	1136653
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136653

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2477167
reference_id	2477167
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2477167

fixed_packages

url	pkg:pypi/urllib3@2.7.0
purl	pkg:pypi/urllib3@2.7.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:pypi/urllib3@2.7.0

aliases CVE-2026-44431, GHSA-qccp-gfcp-xxvc, PYSEC-2026-141

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ueb4-ur9q-u3e1

url VCID-ymx9-acnn-dbcy

vulnerability_id VCID-ymx9-acnn-dbcy

summary urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). NOTE: this is similar to CVE-2020-26116.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-26137.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-26137.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-26137

reference_id

reference_type

scores

value	0.00279
scoring_system	epss
scoring_elements	0.51551
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-26137

reference_url

https://bugs.python.org/issue39603

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugs.python.org/issue39603

reference_url	https://github.com/advisories/GHSA-wqvq-5m8c-6g24
reference_id
reference_type
scores
url	https://github.com/advisories/GHSA-wqvq-5m8c-6g24

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/urllib3/PYSEC-2020-148.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/urllib3/PYSEC-2020-148.yaml

reference_url

https://github.com/urllib3/urllib3

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/urllib3/urllib3

reference_url

https://github.com/urllib3/urllib3/commit/1dd69c5c5982fae7c87a620d487c2ebf7a6b436b

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/urllib3/urllib3/commit/1dd69c5c5982fae7c87a620d487c2ebf7a6b436b

reference_url

https://github.com/urllib3/urllib3/pull/1800

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/urllib3/urllib3/pull/1800

reference_url

https://lists.debian.org/debian-lts-announce/2021/06/msg00015.html

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2021/06/msg00015.html

reference_url

https://lists.debian.org/debian-lts-announce/2023/10/msg00012.html

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2023/10/msg00012.html

reference_url

https://usn.ubuntu.com/4570-1

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://usn.ubuntu.com/4570-1

reference_url	https://usn.ubuntu.com/4570-1/
reference_id
reference_type
scores
url	https://usn.ubuntu.com/4570-1/

reference_url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1883632
reference_id	1883632
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1883632

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-26137

reference_id

CVE-2020-26137

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-26137

reference_url	https://access.redhat.com/errata/RHSA-2020:4299
reference_id	RHSA-2020:4299
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4299

reference_url	https://access.redhat.com/errata/RHSA-2021:0034
reference_id	RHSA-2021:0034
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0034

reference_url	https://access.redhat.com/errata/RHSA-2021:0079
reference_id	RHSA-2021:0079
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0079

reference_url	https://access.redhat.com/errata/RHSA-2021:1631
reference_id	RHSA-2021:1631
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:1631

reference_url	https://access.redhat.com/errata/RHSA-2021:1761
reference_id	RHSA-2021:1761
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:1761

reference_url	https://access.redhat.com/errata/RHSA-2022:5235
reference_id	RHSA-2022:5235
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:5235

fixed_packages

url pkg:pypi/urllib3@1.25.9

purl pkg:pypi/urllib3@1.25.9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-21kr-1hbf-rfag

vulnerability	VCID-83up-c218-e7f3

vulnerability	VCID-ah3u-nfq4-dfg6

vulnerability	VCID-ueb4-ur9q-u3e1

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/urllib3@1.25.9

aliases CVE-2020-26137, GHSA-wqvq-5m8c-6g24, PYSEC-2020-148

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ymx9-acnn-dbcy

Fixing_vulnerabilities

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/urllib3@1.25.3

Package Instance