Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:rpm/redhat/python-urllib3@1.24.2-5.el8_8?arch=1

Type rpm

Namespace redhat

Name python-urllib3

Version 1.24.2-5.el8_8

Qualifiers

arch	1

Subpath

Is_vulnerable true

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

url

VCID-4evk-srqq-fuef

vulnerability_id

VCID-4evk-srqq-fuef

summary

urllib3 is a user-friendly HTTP client library for Python. urllib3 previously wouldn't remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303 after the request had its method changed from one that could accept a request body (like `POST`) to `GET` as is required by HTTP RFCs. Although this behavior is not specified in the section for redirects, it can be inferred by piecing together information from different sections and we have observed the behavior in other major HTTP client implementations like curl and web browsers. Because the vulnerability requires a previously trusted service to become compromised in order to have an impact on confidentiality we believe the exploitability of this vulnerability is low. Additionally, many users aren't putting sensitive data in HTTP request bodies, if this is the case then this vulnerability isn't exploitable. Both of the following conditions must be true to be affected by this vulnerability: 1. Using urllib3 and submitting sensitive information in the HTTP request body (such as form data or JSON) and 2. The origin service is compromised and starts redirecting using 301, 302, or 303 to a malicious peer or the redirected-to service becomes compromised. This issue has been addressed in versions 1.26.18 and 2.0.7 and users are advised to update to resolve this issue. Users unable to update should disable redirects for services that aren't expecting to respond with redirects with `redirects=False` and disable automatic redirects with `redirects=False` and handle 301, 302, and 303 redirects manually by stripping the HTTP request body.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45803.json

reference_id

reference_type

scores

value	4.2
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45803.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-45803

reference_id

reference_type

scores

value	0.00051
scoring_system	epss
scoring_elements	0.158
published_at	2026-04-21T12:55:00Z

value	0.00051
scoring_system	epss
scoring_elements	0.15757
published_at	2026-04-18T12:55:00Z

value	0.00051
scoring_system	epss
scoring_elements	0.15944
published_at	2026-04-02T12:55:00Z

value	0.00051
scoring_system	epss
scoring_elements	0.15748
published_at	2026-04-16T12:55:00Z

value	0.00051
scoring_system	epss
scoring_elements	0.15824
published_at	2026-04-13T12:55:00Z

value	0.00051
scoring_system	epss
scoring_elements	0.15931
published_at	2026-04-11T12:55:00Z

value	0.00051
scoring_system	epss
scoring_elements	0.15954
published_at	2026-04-09T12:55:00Z

value	0.00051
scoring_system	epss
scoring_elements	0.15893
published_at	2026-04-12T12:55:00Z

value	0.00051
scoring_system	epss
scoring_elements	0.16009
published_at	2026-04-04T12:55:00Z

value	0.00051
scoring_system	epss
scoring_elements	0.15807
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-45803

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45803
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45803

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/urllib3/PYSEC-2023-212.yaml

reference_id

reference_type

scores

value	4.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N

value	5.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/urllib3/PYSEC-2023-212.yaml

reference_url

https://github.com/urllib3/urllib3

reference_id

reference_type

scores

value	4.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N

value	5.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/urllib3/urllib3

reference_url

https://github.com/urllib3/urllib3/commit/4e50fbc5db74e32cabd5ccc1ab81fc103adfe0b3

reference_id

reference_type

scores

value	4.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N

value	5.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/urllib3/urllib3/commit/4e50fbc5db74e32cabd5ccc1ab81fc103adfe0b3

reference_url

https://github.com/urllib3/urllib3/commit/4e98d57809dacab1cbe625fddeec1a290c478ea9

reference_id

reference_type

scores

value	4.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N

value	5.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-13T15:56:19Z/

url

https://github.com/urllib3/urllib3/commit/4e98d57809dacab1cbe625fddeec1a290c478ea9

reference_url

https://github.com/urllib3/urllib3/commit/b594c5ceaca38e1ac215f916538fb128e3526a36

reference_id

reference_type

scores

value	4.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N

value	5.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/urllib3/urllib3/commit/b594c5ceaca38e1ac215f916538fb128e3526a36

reference_url

https://github.com/urllib3/urllib3/releases/tag/1.26.18

reference_id

reference_type

scores

value	4.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N

value	5.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/urllib3/urllib3/releases/tag/1.26.18

reference_url

https://github.com/urllib3/urllib3/releases/tag/2.0.7

reference_id

reference_type

scores

value	4.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N

value	5.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/urllib3/urllib3/releases/tag/2.0.7

reference_url

https://github.com/urllib3/urllib3/security/advisories/GHSA-g4mx-q9vg-27p4

reference_id

reference_type

scores

value	4.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	5.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-13T15:56:19Z/

url

https://github.com/urllib3/urllib3/security/advisories/GHSA-g4mx-q9vg-27p4

reference_url

https://lists.debian.org/debian-lts-announce/2024/12/msg00020.html

reference_id

reference_type

scores

value	4.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N

value	5.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2024/12/msg00020.html

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4R2Y5XK3WALSR3FNAGN7JBYV2B343ZKB

reference_id

reference_type

scores

value	4.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N

value	5.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4R2Y5XK3WALSR3FNAGN7JBYV2B343ZKB

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5F5CUBAN5XMEBVBZPHFITBLMJV5FIJJ5

reference_id

reference_type

scores

value	4.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N

value	5.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5F5CUBAN5XMEBVBZPHFITBLMJV5FIJJ5

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PPDPLM6UUMN55ESPQWJFLLIZY4ZKCNRX

reference_id

reference_type

scores

value	4.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N

value	5.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PPDPLM6UUMN55ESPQWJFLLIZY4ZKCNRX

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PPDPLM6UUMN55ESPQWJFLLIZY4ZKCNRX/

reference_id

reference_type

scores

value	4.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-13T15:56:19Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PPDPLM6UUMN55ESPQWJFLLIZY4ZKCNRX/

reference_url

https://www.rfc-editor.org/rfc/rfc9110.html#name-get

reference_id

reference_type

scores

value	4.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N

value	5.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-13T15:56:19Z/

url

https://www.rfc-editor.org/rfc/rfc9110.html#name-get

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054226
reference_id	1054226
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054226

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2246840
reference_id	2246840
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2246840

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4R2Y5XK3WALSR3FNAGN7JBYV2B343ZKB/

reference_id

4R2Y5XK3WALSR3FNAGN7JBYV2B343ZKB

reference_type

scores

value	4.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-13T15:56:19Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4R2Y5XK3WALSR3FNAGN7JBYV2B343ZKB/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5F5CUBAN5XMEBVBZPHFITBLMJV5FIJJ5/

reference_id

5F5CUBAN5XMEBVBZPHFITBLMJV5FIJJ5

reference_type

scores

value	4.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-13T15:56:19Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5F5CUBAN5XMEBVBZPHFITBLMJV5FIJJ5/

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-45803

reference_id

CVE-2023-45803

reference_type

scores

value	4.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N

value	5.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-45803

reference_url

https://github.com/advisories/GHSA-g4mx-q9vg-27p4

reference_id

GHSA-g4mx-q9vg-27p4

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-g4mx-q9vg-27p4

reference_url	https://access.redhat.com/errata/RHSA-2023:7851
reference_id	RHSA-2023:7851
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7851

reference_url	https://access.redhat.com/errata/RHSA-2024:0116
reference_id	RHSA-2024:0116
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0116

reference_url	https://access.redhat.com/errata/RHSA-2024:0300
reference_id	RHSA-2024:0300
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0300

reference_url	https://access.redhat.com/errata/RHSA-2024:0464
reference_id	RHSA-2024:0464
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0464

reference_url	https://access.redhat.com/errata/RHSA-2024:0588
reference_id	RHSA-2024:0588
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0588

reference_url	https://access.redhat.com/errata/RHSA-2024:11189
reference_id	RHSA-2024:11189
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:11189

reference_url	https://access.redhat.com/errata/RHSA-2024:11238
reference_id	RHSA-2024:11238
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:11238

reference_url	https://access.redhat.com/errata/RHSA-2024:1155
reference_id	RHSA-2024:1155
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1155

reference_url	https://access.redhat.com/errata/RHSA-2024:1383
reference_id	RHSA-2024:1383
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1383

reference_url	https://access.redhat.com/errata/RHSA-2024:2132
reference_id	RHSA-2024:2132
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2132

reference_url	https://access.redhat.com/errata/RHSA-2024:2734
reference_id	RHSA-2024:2734
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2734

reference_url	https://access.redhat.com/errata/RHSA-2024:2952
reference_id	RHSA-2024:2952
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2952

reference_url	https://access.redhat.com/errata/RHSA-2024:2968
reference_id	RHSA-2024:2968
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2968

reference_url	https://access.redhat.com/errata/RHSA-2024:2988
reference_id	RHSA-2024:2988
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2988

reference_url	https://access.redhat.com/errata/RHSA-2025:0078
reference_id	RHSA-2025:0078
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:0078

reference_url	https://access.redhat.com/errata/RHSA-2025:1793
reference_id	RHSA-2025:1793
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1793

reference_url	https://access.redhat.com/errata/RHSA-2025:1813
reference_id	RHSA-2025:1813
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1813

reference_url	https://usn.ubuntu.com/6473-1/
reference_id	USN-6473-1
reference_type
scores
url	https://usn.ubuntu.com/6473-1/

reference_url	https://usn.ubuntu.com/6473-2/
reference_id	USN-6473-2
reference_type
scores
url	https://usn.ubuntu.com/6473-2/

reference_url	https://usn.ubuntu.com/7762-1/
reference_id	USN-7762-1
reference_type
scores
url	https://usn.ubuntu.com/7762-1/

fixed_packages

aliases

CVE-2023-45803, GHSA-g4mx-q9vg-27p4, PYSEC-2023-212

risk_score

3.1

exploitability

0.5

weighted_severity

6.2

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-4evk-srqq-fuef

url

VCID-969r-9mvk-uyh4

vulnerability_id

VCID-969r-9mvk-uyh4

summary

urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the `Cookie` HTTP header special or provide any helpers for managing cookies over HTTP, that is the responsibility of the user. However, it is possible for a user to specify a `Cookie` header and unknowingly leak information via HTTP redirects to a different origin if that user doesn't disable redirects explicitly. This issue has been patched in urllib3 version 1.26.17 or 2.0.5.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-43804.json

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-43804.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-43804

reference_id

reference_type

scores

value	0.00867
scoring_system	epss
scoring_elements	0.75136
published_at	2026-04-04T12:55:00Z

value	0.00867
scoring_system	epss
scoring_elements	0.7516
published_at	2026-04-12T12:55:00Z

value	0.00867
scoring_system	epss
scoring_elements	0.75148
published_at	2026-04-13T12:55:00Z

value	0.00867
scoring_system	epss
scoring_elements	0.75114
published_at	2026-04-07T12:55:00Z

value	0.00867
scoring_system	epss
scoring_elements	0.75107
published_at	2026-04-02T12:55:00Z

value	0.00867
scoring_system	epss
scoring_elements	0.75182
published_at	2026-04-11T12:55:00Z

value	0.0095
scoring_system	epss
scoring_elements	0.76396
published_at	2026-04-21T12:55:00Z

value	0.0095
scoring_system	epss
scoring_elements	0.76412
published_at	2026-04-18T12:55:00Z

value	0.0095
scoring_system	epss
scoring_elements	0.76405
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-43804

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43804
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43804

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/urllib3/PYSEC-2023-192.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N

value	7.4
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/urllib3/PYSEC-2023-192.yaml

reference_url

https://github.com/urllib3/urllib3

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N

value	7.4
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/urllib3/urllib3

reference_url

https://github.com/urllib3/urllib3/commit/01220354d389cd05474713f8c982d05c9b17aafb

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

value	7.4
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/urllib3/urllib3/commit/01220354d389cd05474713f8c982d05c9b17aafb

reference_url

https://github.com/urllib3/urllib3/commit/644124ecd0b6e417c527191f866daa05a5a2056d

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

value	7.4
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/urllib3/urllib3/commit/644124ecd0b6e417c527191f866daa05a5a2056d

reference_url

https://github.com/urllib3/urllib3/security/advisories/GHSA-v845-jxx5-vc9f

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	7.4
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/urllib3/urllib3/security/advisories/GHSA-v845-jxx5-vc9f

reference_url

https://lists.debian.org/debian-lts-announce/2023/10/msg00012.html

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

value	7.4
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2023/10/msg00012.html

reference_url

https://lists.debian.org/debian-lts-announce/2024/12/msg00020.html

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N

value	7.4
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2024/12/msg00020.html

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5F5CUBAN5XMEBVBZPHFITBLMJV5FIJJ5

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N

value	7.4
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5F5CUBAN5XMEBVBZPHFITBLMJV5FIJJ5

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I3PR7C6RJ6JUBQKIJ644DMIJSUP36VDY

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N

value	7.4
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I3PR7C6RJ6JUBQKIJ644DMIJSUP36VDY

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NDAGZXYJ7H2G3SB47M453VQVNAWKAEJJ

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N

value	7.4
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NDAGZXYJ7H2G3SB47M453VQVNAWKAEJJ

reference_url

https://security.netapp.com/advisory/ntap-20241213-0007

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N

value	7.4
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20241213-0007

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053626
reference_id	1053626
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053626

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2242493
reference_id	2242493
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2242493

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-43804

reference_id

CVE-2023-43804

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N

value	7.4
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-43804

reference_url

https://www.vicarius.io/vsociety/posts/cve-2023-43804-urllib3-vulnerability-3

reference_id

CVE-2023-43804-URLLIB3-VULNERABILITY-3

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N

value	7.4
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.vicarius.io/vsociety/posts/cve-2023-43804-urllib3-vulnerability-3

reference_url

https://github.com/advisories/GHSA-v845-jxx5-vc9f

reference_id

GHSA-v845-jxx5-vc9f

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-v845-jxx5-vc9f

reference_url	https://access.redhat.com/errata/RHSA-2023:6158
reference_id	RHSA-2023:6158
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:6158

reference_url	https://access.redhat.com/errata/RHSA-2023:6812
reference_id	RHSA-2023:6812
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:6812

reference_url	https://access.redhat.com/errata/RHSA-2023:7378
reference_id	RHSA-2023:7378
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7378

reference_url	https://access.redhat.com/errata/RHSA-2023:7385
reference_id	RHSA-2023:7385
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7385

reference_url	https://access.redhat.com/errata/RHSA-2023:7407
reference_id	RHSA-2023:7407
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7407

reference_url	https://access.redhat.com/errata/RHSA-2023:7435
reference_id	RHSA-2023:7435
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7435

reference_url	https://access.redhat.com/errata/RHSA-2023:7523
reference_id	RHSA-2023:7523
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7523

reference_url	https://access.redhat.com/errata/RHSA-2023:7528
reference_id	RHSA-2023:7528
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7528

reference_url	https://access.redhat.com/errata/RHSA-2023:7753
reference_id	RHSA-2023:7753
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7753

reference_url	https://access.redhat.com/errata/RHSA-2024:0116
reference_id	RHSA-2024:0116
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0116

reference_url	https://access.redhat.com/errata/RHSA-2024:0133
reference_id	RHSA-2024:0133
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0133

reference_url	https://access.redhat.com/errata/RHSA-2024:0187
reference_id	RHSA-2024:0187
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0187

reference_url	https://access.redhat.com/errata/RHSA-2024:0300
reference_id	RHSA-2024:0300
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0300

reference_url	https://access.redhat.com/errata/RHSA-2024:0464
reference_id	RHSA-2024:0464
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0464

reference_url	https://access.redhat.com/errata/RHSA-2024:0588
reference_id	RHSA-2024:0588
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0588

reference_url	https://access.redhat.com/errata/RHSA-2024:1383
reference_id	RHSA-2024:1383
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1383

reference_url	https://access.redhat.com/errata/RHSA-2024:2159
reference_id	RHSA-2024:2159
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2159

reference_url	https://access.redhat.com/errata/RHSA-2024:2985
reference_id	RHSA-2024:2985
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2985

reference_url	https://access.redhat.com/errata/RHSA-2024:2986
reference_id	RHSA-2024:2986
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2986

reference_url	https://access.redhat.com/errata/RHSA-2024:2987
reference_id	RHSA-2024:2987
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2987

reference_url	https://usn.ubuntu.com/6473-1/
reference_id	USN-6473-1
reference_type
scores
url	https://usn.ubuntu.com/6473-1/

reference_url	https://usn.ubuntu.com/6473-2/
reference_id	USN-6473-2
reference_type
scores
url	https://usn.ubuntu.com/6473-2/

fixed_packages

aliases

CVE-2023-43804, GHSA-v845-jxx5-vc9f, PYSEC-2023-192

risk_score

4.0

exploitability

0.5

weighted_severity

8.0

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-969r-9mvk-uyh4

Fixing_vulnerabilities

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/python-urllib3@1.24.2-5.el8_8%3Farch=1

Package Instance