VulnerableCode Package Details - pkg:deb/debian/python-urllib3@1.25.8-1?distro=trixie

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:deb/debian/python-urllib3@1.25.8-1?distro=trixie

purl	pkg:deb/debian/python-urllib3@1.25.8-1?distro=trixie

Vulnerabilities affecting this package (0)

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerabilities fixed by this package (1)

Vulnerability	Summary	Aliases
VCID-61sh-s5y1-w3f8	The _encode_invalid_chars function in util/url.py in the urllib3 library 1.25.2 through 1.25.7 for Python allows a denial of service (CPU consumption) because of an inefficient algorithm. The percent_encodings array contains all matches of percent encodings. It is not deduplicated. For a URL of length N, the size of percent_encodings may be up to O(N). The next step (normalize existing percent-encoded bytes) also takes up to O(N) for each step, so the total time is O(N^2). If percent_encodings were deduplicated, the time to compute _encode_invalid_chars would be O(kN), where k is at most 484 ((10+6*2)^2).	CVE-2020-7212 GHSA-hmv2-79q8-fv6g PYSEC-2020-149

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T13:20:29.526415+00:00	Debian Importer	Fixing	VCID-61sh-s5y1-w3f8	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-13T09:11:43.517594+00:00	Debian Importer	Fixing	VCID-61sh-s5y1-w3f8	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-03T07:50:55.566208+00:00	Debian Importer	Fixing	VCID-61sh-s5y1-w3f8	https://security-tracker.debian.org/tracker/data/json	38.1.0