VulnerableCode Package Details - pkg:rpm/redhat/python-urllib3@1.24.2-2?arch=el8

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:rpm/redhat/python-urllib3@1.24.2-2?arch=el8

purl	pkg:rpm/redhat/python-urllib3@1.24.2-2?arch=el8

Next non-vulnerable version	None.
Latest non-vulnerable version	None.
Risk	4.0

Vulnerabilities affecting this package (2)

Vulnerability	Summary	Fixed by
VCID-6kxp-qa5x-q3bq Aliases: CVE-2019-11324 GHSA-mh33-7rrq-662w PYSEC-2019-133	The urllib3 library before 1.24.2 for Python mishandles certain cases where the desired set of CA certificates is different from the OS store of CA certificates, which results in SSL connections succeeding in situations where a verification failure is the correct outcome. This is related to use of the ssl_context, ca_certs, or ca_certs_dir argument.	There are no reported fixed by versions.
VCID-b3e6-k53t-bkgk Aliases: CVE-2019-11236 GHSA-r64q-w8jr-g9qp PYSEC-2019-132	In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter.	There are no reported fixed by versions.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T14:20:47.752013+00:00	RedHat Importer	Affected by	VCID-b3e6-k53t-bkgk	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11236.json	38.0.0
2026-04-01T14:19:59.295803+00:00	RedHat Importer	Affected by	VCID-6kxp-qa5x-q3bq	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11324.json	38.0.0