{"url":"http://public2.vulnerablecode.io/api/packages/7617?format=json","purl":"pkg:pypi/urllib3@1.1","type":"pypi","namespace":"","name":"urllib3","version":"1.1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2.6.3","latest_non_vulnerable_version":"2.6.3","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11181?format=json","vulnerability_id":"VCID-4evk-srqq-fuef","summary":"urllib3 is a user-friendly HTTP client library for Python. urllib3 previously wouldn't remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303 after the request had its method changed from one that could accept a request body (like `POST`) to `GET` as is required by HTTP RFCs. Although this behavior is not specified in the section for redirects, it can be inferred by piecing together information from different sections and we have observed the behavior in other major HTTP client implementations like curl and web browsers. Because the vulnerability requires a previously trusted service to become compromised in order to have an impact on confidentiality we believe the exploitability of this vulnerability is low. Additionally, many users aren't putting sensitive data in HTTP request bodies, if this is the case then this vulnerability isn't exploitable. Both of the following conditions must be true to be affected by this vulnerability: 1. Using urllib3 and submitting sensitive information in the HTTP request body (such as form data or JSON) and 2. The origin service is compromised and starts redirecting using 301, 302, or 303 to a malicious peer or the redirected-to service becomes compromised. This issue has been addressed in versions 1.26.18 and 2.0.7 and users are advised to update to resolve this issue. Users unable to update should disable redirects for services that aren't expecting to respond with redirects with `redirects=False` and disable automatic redirects with `redirects=False` and handle 301, 302, and 303 redirects manually by stripping the HTTP request body.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45803.json","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45803.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-45803","reference_id":"","reference_type":"","scores":[{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.15748","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.15824","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.15944","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.15931","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.16009","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.15807","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.15893","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.15954","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-45803"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45803","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45803"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/urllib3/PYSEC-2023-212.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/urllib3/PYSEC-2023-212.yaml"},{"reference_url":"https://github.com/urllib3/urllib3","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/urllib3/urllib3"},{"reference_url":"https://github.com/urllib3/urllib3/commit/4e50fbc5db74e32cabd5ccc1ab81fc103adfe0b3","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/urllib3/urllib3/commit/4e50fbc5db74e32cabd5ccc1ab81fc103adfe0b3"},{"reference_url":"https://github.com/urllib3/urllib3/commit/4e98d57809dacab1cbe625fddeec1a290c478ea9","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-13T15:56:19Z/"}],"url":"https://github.com/urllib3/urllib3/commit/4e98d57809dacab1cbe625fddeec1a290c478ea9"},{"reference_url":"https://github.com/urllib3/urllib3/commit/b594c5ceaca38e1ac215f916538fb128e3526a36","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/urllib3/urllib3/commit/b594c5ceaca38e1ac215f916538fb128e3526a36"},{"reference_url":"https://github.com/urllib3/urllib3/releases/tag/1.26.18","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/urllib3/urllib3/releases/tag/1.26.18"},{"reference_url":"https://github.com/urllib3/urllib3/releases/tag/2.0.7","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/urllib3/urllib3/releases/tag/2.0.7"},{"reference_url":"https://github.com/urllib3/urllib3/security/advisories/GHSA-g4mx-q9vg-27p4","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-13T15:56:19Z/"}],"url":"https://github.com/urllib3/urllib3/security/advisories/GHSA-g4mx-q9vg-27p4"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2024/12/msg00020.html","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2024/12/msg00020.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4R2Y5XK3WALSR3FNAGN7JBYV2B343ZKB","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4R2Y5XK3WALSR3FNAGN7JBYV2B343ZKB"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5F5CUBAN5XMEBVBZPHFITBLMJV5FIJJ5","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5F5CUBAN5XMEBVBZPHFITBLMJV5FIJJ5"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PPDPLM6UUMN55ESPQWJFLLIZY4ZKCNRX","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PPDPLM6UUMN55ESPQWJFLLIZY4ZKCNRX"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PPDPLM6UUMN55ESPQWJFLLIZY4ZKCNRX/","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-13T15:56:19Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PPDPLM6UUMN55ESPQWJFLLIZY4ZKCNRX/"},{"reference_url":"https://www.rfc-editor.org/rfc/rfc9110.html#name-get","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-13T15:56:19Z/"}],"url":"https://www.rfc-editor.org/rfc/rfc9110.html#name-get"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054226","reference_id":"1054226","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054226"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2246840","reference_id":"2246840","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2246840"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4R2Y5XK3WALSR3FNAGN7JBYV2B343ZKB/","reference_id":"4R2Y5XK3WALSR3FNAGN7JBYV2B343ZKB","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-13T15:56:19Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4R2Y5XK3WALSR3FNAGN7JBYV2B343ZKB/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5F5CUBAN5XMEBVBZPHFITBLMJV5FIJJ5/","reference_id":"5F5CUBAN5XMEBVBZPHFITBLMJV5FIJJ5","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-13T15:56:19Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5F5CUBAN5XMEBVBZPHFITBLMJV5FIJJ5/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-45803","reference_id":"CVE-2023-45803","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-45803"},{"reference_url":"https://github.com/advisories/GHSA-g4mx-q9vg-27p4","reference_id":"GHSA-g4mx-q9vg-27p4","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-g4mx-q9vg-27p4"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7851","reference_id":"RHSA-2023:7851","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:7851"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0116","reference_id":"RHSA-2024:0116","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0116"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0300","reference_id":"RHSA-2024:0300","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0300"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0464","reference_id":"RHSA-2024:0464","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0464"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0588","reference_id":"RHSA-2024:0588","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0588"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:11189","reference_id":"RHSA-2024:11189","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:11189"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:11238","reference_id":"RHSA-2024:11238","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:11238"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1155","reference_id":"RHSA-2024:1155","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1155"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1383","reference_id":"RHSA-2024:1383","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1383"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2132","reference_id":"RHSA-2024:2132","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2132"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2734","reference_id":"RHSA-2024:2734","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2734"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2952","reference_id":"RHSA-2024:2952","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2952"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2968","reference_id":"RHSA-2024:2968","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2968"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2988","reference_id":"RHSA-2024:2988","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2988"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:0078","reference_id":"RHSA-2025:0078","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:0078"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:1793","reference_id":"RHSA-2025:1793","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:1793"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:1813","reference_id":"RHSA-2025:1813","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:1813"},{"reference_url":"https://usn.ubuntu.com/6473-1/","reference_id":"USN-6473-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6473-1/"},{"reference_url":"https://usn.ubuntu.com/6473-2/","reference_id":"USN-6473-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6473-2/"},{"reference_url":"https://usn.ubuntu.com/7762-1/","reference_id":"USN-7762-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7762-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/39317?format=json","purl":"pkg:pypi/urllib3@1.26.18","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5tkp-pxz9-h7c2"},{"vulnerability":"VCID-7wcj-zvjq-xud3"},{"vulnerability":"VCID-kjka-a931-uygj"},{"vulnerability":"VCID-v365-pn8r-e7dh"},{"vulnerability":"VCID-zevs-1ge5-y7g7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/urllib3@1.26.18"},{"url":"http://public2.vulnerablecode.io/api/packages/625413?format=json","purl":"pkg:pypi/urllib3@2.0.0a1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7wcj-zvjq-xud3"},{"vulnerability":"VCID-kjka-a931-uygj"},{"vulnerability":"VCID-v365-pn8r-e7dh"},{"vulnerability":"VCID-zevs-1ge5-y7g7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/urllib3@2.0.0a1"},{"url":"http://public2.vulnerablecode.io/api/packages/39316?format=json","purl":"pkg:pypi/urllib3@2.0.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5tkp-pxz9-h7c2"},{"vulnerability":"VCID-7wcj-zvjq-xud3"},{"vulnerability":"VCID-kjka-a931-uygj"},{"vulnerability":"VCID-v365-pn8r-e7dh"},{"vulnerability":"VCID-zevs-1ge5-y7g7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/urllib3@2.0.7"}],"aliases":["CVE-2023-45803","GHSA-g4mx-q9vg-27p4","PYSEC-2023-212"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4evk-srqq-fuef"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/18564?format=json","vulnerability_id":"VCID-5tkp-pxz9-h7c2","summary":"urllib3's Proxy-Authorization request header isn't stripped during cross-origin redirects\nWhen using urllib3's proxy support with `ProxyManager`, the `Proxy-Authorization` header is only sent to the configured proxy, as expected.\n\nHowever, when sending HTTP requests *without* using urllib3's proxy support, it's possible to accidentally configure the `Proxy-Authorization` header even though it won't have any effect as the request is not using a forwarding proxy or a tunneling proxy. In those cases, urllib3 doesn't treat the `Proxy-Authorization` HTTP header as one carrying authentication material and thus doesn't strip the header on cross-origin redirects.\n\nBecause this is a highly unlikely scenario, we believe the severity of this vulnerability is low for almost all users. Out of an abundance of caution urllib3 will automatically strip the `Proxy-Authorization` header during cross-origin redirects to avoid the small chance that users are doing this on accident.\n\nUsers should use urllib3's proxy support or disable automatic redirects to achieve safe processing of the `Proxy-Authorization` header, but we still decided to strip the header by default in order to further protect users who aren't using the correct approach.\n\n## Affected usages\n\nWe believe the number of usages affected by this advisory is low. It requires all of the following to be true to be exploited:\n\n* Setting the `Proxy-Authorization` header without using urllib3's built-in proxy support.\n* Not disabling HTTP redirects.\n* Either not using an HTTPS origin server or for the proxy or target origin to redirect to a malicious origin.\n\n## Remediation\n\n* Using the `Proxy-Authorization` header with urllib3's `ProxyManager`.\n* Disabling HTTP redirects using `redirects=False` when sending requests.\n* Not using the `Proxy-Authorization` header.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-37891.json","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-37891.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-37891","reference_id":"","reference_type":"","scores":[{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.48973","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.48966","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.48992","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.48924","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.48975","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.48978","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00263","scoring_system":"epss","scoring_elements":"0.49702","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00263","scoring_system":"epss","scoring_elements":"0.49674","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-37891"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37891","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37891"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/urllib3/urllib3","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/urllib3/urllib3"},{"reference_url":"https://github.com/urllib3/urllib3/commit/40b6d1605814dd1db0a46e202d6e56f2e4c9a468","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/urllib3/urllib3/commit/40b6d1605814dd1db0a46e202d6e56f2e4c9a468"},{"reference_url":"https://github.com/urllib3/urllib3/commit/accff72ecc2f6cf5a76d9570198a93ac7c90270e","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-18T13:49:45Z/"}],"url":"https://github.com/urllib3/urllib3/commit/accff72ecc2f6cf5a76d9570198a93ac7c90270e"},{"reference_url":"https://github.com/urllib3/urllib3/security/advisories/GHSA-34jh-p97f-mpxf","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-18T13:49:45Z/"}],"url":"https://github.com/urllib3/urllib3/security/advisories/GHSA-34jh-p97f-mpxf"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2024/12/msg00020.html","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2024/12/msg00020.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-37891","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-37891"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240822-0003","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20240822-0003"},{"reference_url":"https://www.vicarius.io/vsociety/posts/proxy-authorization-header-handling-vulnerability-in-urllib3-cve-2024-37891","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.vicarius.io/vsociety/posts/proxy-authorization-header-handling-vulnerability-in-urllib3-cve-2024-37891"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074149","reference_id":"1074149","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074149"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2292788","reference_id":"2292788","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2292788"},{"reference_url":"https://github.com/advisories/GHSA-34jh-p97f-mpxf","reference_id":"GHSA-34jh-p97f-mpxf","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-34jh-p97f-mpxf"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4422","reference_id":"RHSA-2024:4422","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4422"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4730","reference_id":"RHSA-2024:4730","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4730"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4744","reference_id":"RHSA-2024:4744","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4744"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4746","reference_id":"RHSA-2024:4746","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4746"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5041","reference_id":"RHSA-2024:5041","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5041"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5309","reference_id":"RHSA-2024:5309","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5309"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5526","reference_id":"RHSA-2024:5526","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5526"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5622","reference_id":"RHSA-2024:5622","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5622"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5627","reference_id":"RHSA-2024:5627","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5627"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5633","reference_id":"RHSA-2024:5633","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5633"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6162","reference_id":"RHSA-2024:6162","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6162"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6239","reference_id":"RHSA-2024:6239","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6239"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6240","reference_id":"RHSA-2024:6240","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6240"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6309","reference_id":"RHSA-2024:6309","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6309"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6310","reference_id":"RHSA-2024:6310","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6310"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6311","reference_id":"RHSA-2024:6311","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6311"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6358","reference_id":"RHSA-2024:6358","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6358"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7312","reference_id":"RHSA-2024:7312","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7312"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8035","reference_id":"RHSA-2024:8035","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8035"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8842","reference_id":"RHSA-2024:8842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8843","reference_id":"RHSA-2024:8843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8906","reference_id":"RHSA-2024:8906","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8906"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:9457","reference_id":"RHSA-2024:9457","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:9457"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:9458","reference_id":"RHSA-2024:9458","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:9458"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:9922","reference_id":"RHSA-2024:9922","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:9922"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:9923","reference_id":"RHSA-2024:9923","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:9923"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:9985","reference_id":"RHSA-2024:9985","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:9985"},{"reference_url":"https://usn.ubuntu.com/7084-1/","reference_id":"USN-7084-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7084-1/"},{"reference_url":"https://usn.ubuntu.com/7084-2/","reference_id":"USN-7084-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7084-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/59267?format=json","purl":"pkg:pypi/urllib3@1.26.19","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7wcj-zvjq-xud3"},{"vulnerability":"VCID-kjka-a931-uygj"},{"vulnerability":"VCID-v365-pn8r-e7dh"},{"vulnerability":"VCID-zevs-1ge5-y7g7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/urllib3@1.26.19"},{"url":"http://public2.vulnerablecode.io/api/packages/625413?format=json","purl":"pkg:pypi/urllib3@2.0.0a1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7wcj-zvjq-xud3"},{"vulnerability":"VCID-kjka-a931-uygj"},{"vulnerability":"VCID-v365-pn8r-e7dh"},{"vulnerability":"VCID-zevs-1ge5-y7g7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/urllib3@2.0.0a1"},{"url":"http://public2.vulnerablecode.io/api/packages/59268?format=json","purl":"pkg:pypi/urllib3@2.2.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7wcj-zvjq-xud3"},{"vulnerability":"VCID-dxkv-8f9g-47e9"},{"vulnerability":"VCID-kjka-a931-uygj"},{"vulnerability":"VCID-v365-pn8r-e7dh"},{"vulnerability":"VCID-zevs-1ge5-y7g7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/urllib3@2.2.2"}],"aliases":["CVE-2024-37891","GHSA-34jh-p97f-mpxf"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5tkp-pxz9-h7c2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/89375?format=json","vulnerability_id":"VCID-692s-9j5p-gbf1","summary":"In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00039.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00039.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00041.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00041.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2272","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2272"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3335","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3335"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3590","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3590"},{"reference_url":"https://github.com/urllib3/urllib3/issues/1553","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/urllib3/urllib3/issues/1553"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/06/msg00016.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2019/06/msg00016.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NKGPJLVLVYCL4L4B4G5TIOTVK4BKPG72/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NKGPJLVLVYCL4L4B4G5TIOTVK4BKPG72/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R62XGEYPUTXMRHGX5I37EBCGQ5COHGKR/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R62XGEYPUTXMRHGX5I37EBCGQ5COHGKR/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TBI45HO533KYHNB5YRO43TBYKA3E3VRL/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TBI45HO533KYHNB5YRO43TBYKA3E3VRL/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XOSA2NT4DUQDBEIWE6O7KKD24XND7TE2/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XOSA2NT4DUQDBEIWE6O7KKD24XND7TE2/"},{"reference_url":"https://usn.ubuntu.com/3990-1/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3990-1/"},{"reference_url":"https://usn.ubuntu.com/3990-2/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3990-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/8349?format=json","purl":"pkg:pypi/urllib3@1.24.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4evk-srqq-fuef"},{"vulnerability":"VCID-5tkp-pxz9-h7c2"},{"vulnerability":"VCID-7wcj-zvjq-xud3"},{"vulnerability":"VCID-8par-whwz-6kft"},{"vulnerability":"VCID-969r-9mvk-uyh4"},{"vulnerability":"VCID-gxkt-bvtg-gbaj"},{"vulnerability":"VCID-kjka-a931-uygj"},{"vulnerability":"VCID-v365-pn8r-e7dh"},{"vulnerability":"VCID-zevs-1ge5-y7g7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/urllib3@1.24.3"}],"aliases":["PYSEC-2019-62"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-692s-9j5p-gbf1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5874?format=json","vulnerability_id":"VCID-6kxp-qa5x-q3bq","summary":"The urllib3 library before 1.24.2 for Python mishandles certain cases where the desired set of CA certificates is different from the OS store of CA certificates, which results in SSL connections succeeding in situations where a verification failure is the correct outcome. This is related to use of the ssl_context, ca_certs, or ca_certs_dir argument.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00039.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00039.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00041.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00041.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3335","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:3335"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3590","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:3590"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11324.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11324.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-11324","reference_id":"","reference_type":"","scores":[{"value":"0.01315","scoring_system":"epss","scoring_elements":"0.7984","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01315","scoring_system":"epss","scoring_elements":"0.79848","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01315","scoring_system":"epss","scoring_elements":"0.79865","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01315","scoring_system":"epss","scoring_elements":"0.79843","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01315","scoring_system":"epss","scoring_elements":"0.79835","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01315","scoring_system":"epss","scoring_elements":"0.79806","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01315","scoring_system":"epss","scoring_elements":"0.79819","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01315","scoring_system":"epss","scoring_elements":"0.79798","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01315","scoring_system":"epss","scoring_elements":"0.7979","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01315","scoring_system":"epss","scoring_elements":"0.79868","published_at":"2026-04-16T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-11324"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11324","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11324"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/advisories/GHSA-mh33-7rrq-662w","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mh33-7rrq-662w"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/urllib3/PYSEC-2019-133.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/urllib3/PYSEC-2019-133.yaml"},{"reference_url":"https://github.com/urllib3/urllib3","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/urllib3/urllib3"},{"reference_url":"https://github.com/urllib3/urllib3/commit/1efadf43dc63317cd9eaa3e0fdb9e05ab07254b1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/urllib3/urllib3/commit/1efadf43dc63317cd9eaa3e0fdb9e05ab07254b1"},{"reference_url":"https://github.com/urllib3/urllib3/compare/a6ec68a...1efadf4","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/urllib3/urllib3/compare/a6ec68a...1efadf4"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2021/06/msg00015.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2021/06/msg00015.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/10/msg00012.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2023/10/msg00012.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NKGPJLVLVYCL4L4B4G5TIOTVK4BKPG72","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NKGPJLVLVYCL4L4B4G5TIOTVK4BKPG72"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NKGPJLVLVYCL4L4B4G5TIOTVK4BKPG72/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NKGPJLVLVYCL4L4B4G5TIOTVK4BKPG72/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XOSA2NT4DUQDBEIWE6O7KKD24XND7TE2","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XOSA2NT4DUQDBEIWE6O7KKD24XND7TE2"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XOSA2NT4DUQDBEIWE6O7KKD24XND7TE2/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XOSA2NT4DUQDBEIWE6O7KKD24XND7TE2/"},{"reference_url":"https://pypi.org/project/urllib3/1.24.2","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://pypi.org/project/urllib3/1.24.2"},{"reference_url":"https://usn.ubuntu.com/3990-1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/3990-1"},{"reference_url":"https://usn.ubuntu.com/3990-1/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3990-1/"},{"reference_url":"http://www.openwall.com/lists/oss-security/2019/04/19/1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2019/04/19/1"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1702473","reference_id":"1702473","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1702473"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927412","reference_id":"927412","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927412"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-11324","reference_id":"CVE-2019-11324","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-11324"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0850","reference_id":"RHSA-2020:0850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0850"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1605","reference_id":"RHSA-2020:1605","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1605"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1916","reference_id":"RHSA-2020:1916","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1916"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2068","reference_id":"RHSA-2020:2068","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2068"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/8348?format=json","purl":"pkg:pypi/urllib3@1.24.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4evk-srqq-fuef"},{"vulnerability":"VCID-5tkp-pxz9-h7c2"},{"vulnerability":"VCID-692s-9j5p-gbf1"},{"vulnerability":"VCID-7wcj-zvjq-xud3"},{"vulnerability":"VCID-8par-whwz-6kft"},{"vulnerability":"VCID-969r-9mvk-uyh4"},{"vulnerability":"VCID-b3e6-k53t-bkgk"},{"vulnerability":"VCID-gxkt-bvtg-gbaj"},{"vulnerability":"VCID-kjka-a931-uygj"},{"vulnerability":"VCID-v365-pn8r-e7dh"},{"vulnerability":"VCID-zevs-1ge5-y7g7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/urllib3@1.24.2"}],"aliases":["CVE-2019-11324","GHSA-mh33-7rrq-662w","PYSEC-2019-133"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6kxp-qa5x-q3bq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/30039?format=json","vulnerability_id":"VCID-7wcj-zvjq-xud3","summary":"urllib3 redirects are not disabled when retries are disabled on PoolManager instantiation\nurllib3 handles redirects and retries using the same mechanism, which is controlled by the `Retry` object. The most common way to disable redirects is at the request level, as follows:\n\n```python\nresp = urllib3.request(\"GET\", \"https://httpbin.org/redirect/1\", redirect=False)\nprint(resp.status)\n# 302\n```\n\nHowever, it is also possible to disable redirects, for all requests, by instantiating a `PoolManager` and specifying `retries` in a way that disable redirects:\n\n```python\nimport urllib3\n\nhttp = urllib3.PoolManager(retries=0)  # should raise MaxRetryError on redirect\nhttp = urllib3.PoolManager(retries=urllib3.Retry(redirect=0))  # equivalent to the above\nhttp = urllib3.PoolManager(retries=False)  # should return the first response\n\nresp = http.request(\"GET\", \"https://httpbin.org/redirect/1\")\n```\n\nHowever, the `retries` parameter is currently ignored, which means all the above examples don't disable redirects.\n\n## Affected usages\n\nPassing `retries` on `PoolManager` instantiation to disable redirects or restrict their number.\n\nBy default, requests and botocore users are not affected.\n\n## Impact\n\nRedirects are often used to exploit SSRF vulnerabilities. An application attempting to mitigate SSRF or open redirect vulnerabilities by disabling redirects at the PoolManager level will remain vulnerable.\n\n## Remediation\n\nYou can remediate this vulnerability with the following steps:\n\n * Upgrade to a patched version of urllib3. If your organization would benefit from the continued support of urllib3 1.x, please contact [sethmichaellarson@gmail.com](mailto:sethmichaellarson@gmail.com) to discuss sponsorship or contribution opportunities.\n * Disable redirects at the `request()` level instead of the `PoolManager()` level.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-50181.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-50181.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-50181","reference_id":"","reference_type":"","scores":[{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07158","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07109","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.07921","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.07885","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.07942","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.07963","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.07951","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.07934","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-50181"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50181","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50181"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/urllib3/urllib3","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/urllib3/urllib3"},{"reference_url":"https://github.com/urllib3/urllib3/commit/f05b1329126d5be6de501f9d1e3e36738bc08857","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-23T16:45:50Z/"}],"url":"https://github.com/urllib3/urllib3/commit/f05b1329126d5be6de501f9d1e3e36738bc08857"},{"reference_url":"https://github.com/urllib3/urllib3/releases/tag/2.5.0","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-23T16:45:50Z/"}],"url":"https://github.com/urllib3/urllib3/releases/tag/2.5.0"},{"reference_url":"https://github.com/urllib3/urllib3/security/advisories/GHSA-pq67-6m6q-mj2v","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-23T16:45:50Z/"}],"url":"https://github.com/urllib3/urllib3/security/advisories/GHSA-pq67-6m6q-mj2v"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-50181","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-50181"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108076","reference_id":"1108076","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108076"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2373799","reference_id":"2373799","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2373799"},{"reference_url":"https://github.com/advisories/GHSA-pq67-6m6q-mj2v","reference_id":"GHSA-pq67-6m6q-mj2v","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-pq67-6m6q-mj2v"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4215","reference_id":"RHSA-2026:4215","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4215"},{"reference_url":"https://usn.ubuntu.com/7599-1/","reference_id":"USN-7599-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7599-1/"},{"reference_url":"https://usn.ubuntu.com/7599-2/","reference_id":"USN-7599-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7599-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/70769?format=json","purl":"pkg:pypi/urllib3@2.5.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-kjka-a931-uygj"},{"vulnerability":"VCID-v365-pn8r-e7dh"},{"vulnerability":"VCID-zevs-1ge5-y7g7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/urllib3@2.5.0"}],"aliases":["CVE-2025-50181","GHSA-pq67-6m6q-mj2v"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7wcj-zvjq-xud3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6481?format=json","vulnerability_id":"VCID-8par-whwz-6kft","summary":"An issue was discovered in urllib3 before 1.26.5. When provided with a URL containing many @ characters in the authority component, the authority regular expression exhibits catastrophic backtracking, causing a denial of service if a URL were passed as a parameter or redirected to via an HTTP redirect.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-33503.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-33503.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-33503","reference_id":"","reference_type":"","scores":[{"value":"0.00863","scoring_system":"epss","scoring_elements":"0.7511","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00863","scoring_system":"epss","scoring_elements":"0.75072","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00863","scoring_system":"epss","scoring_elements":"0.75028","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00863","scoring_system":"epss","scoring_elements":"0.75083","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00863","scoring_system":"epss","scoring_elements":"0.75105","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00863","scoring_system":"epss","scoring_elements":"0.75082","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00863","scoring_system":"epss","scoring_elements":"0.7507","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00863","scoring_system":"epss","scoring_elements":"0.75036","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00863","scoring_system":"epss","scoring_elements":"0.7506","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00863","scoring_system":"epss","scoring_elements":"0.75031","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-33503"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33503","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33503"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/advisories/GHSA-q2q7-5pp4-w6pg","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-q2q7-5pp4-w6pg"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/urllib3/PYSEC-2021-108.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/urllib3/PYSEC-2021-108.yaml"},{"reference_url":"https://github.com/urllib3/urllib3","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/urllib3/urllib3"},{"reference_url":"https://github.com/urllib3/urllib3/commit/2d4a3fee6de2fa45eb82169361918f759269b4ec","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/urllib3/urllib3/commit/2d4a3fee6de2fa45eb82169361918f759269b4ec"},{"reference_url":"https://github.com/urllib3/urllib3/commit/5b047b645f5f93900d5e2fc31230848c25eb1f5f#diff-52026d639119bf1e0364836b4e8a18bd9ed3c95c6ba39b26534a5057a65e35bbR65","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/urllib3/urllib3/commit/5b047b645f5f93900d5e2fc31230848c25eb1f5f#diff-52026d639119bf1e0364836b4e8a18bd9ed3c95c6ba39b26534a5057a65e35bbR65"},{"reference_url":"https://github.com/urllib3/urllib3/security/advisories/GHSA-q2q7-5pp4-w6pg","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/urllib3/urllib3/security/advisories/GHSA-q2q7-5pp4-w6pg"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6SCV7ZNAHS3E6PBFLJGENCDRDRWRZZ6W","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6SCV7ZNAHS3E6PBFLJGENCDRDRWRZZ6W"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FMUGWEAUYGGHTPPXT6YBD53WYXQGVV73","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FMUGWEAUYGGHTPPXT6YBD53WYXQGVV73"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-33503","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-33503"},{"reference_url":"https://security.gentoo.org/glsa/202107-36","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/202107-36"},{"reference_url":"https://www.oracle.com/security-alerts/cpuoct2021.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuoct2021.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1968074","reference_id":"1968074","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1968074"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989848","reference_id":"989848","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989848"},{"reference_url":"https://security.archlinux.org/ASA-202106-25","reference_id":"ASA-202106-25","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202106-25"},{"reference_url":"https://security.archlinux.org/AVG-2038","reference_id":"AVG-2038","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2038"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3473","reference_id":"RHSA-2021:3473","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3473"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4160","reference_id":"RHSA-2021:4160","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4160"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4162","reference_id":"RHSA-2021:4162","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4162"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4702","reference_id":"RHSA-2021:4702","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4702"},{"reference_url":"https://usn.ubuntu.com/5812-1/","reference_id":"USN-5812-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5812-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/17839?format=json","purl":"pkg:pypi/urllib3@1.26.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4evk-srqq-fuef"},{"vulnerability":"VCID-5tkp-pxz9-h7c2"},{"vulnerability":"VCID-7wcj-zvjq-xud3"},{"vulnerability":"VCID-969r-9mvk-uyh4"},{"vulnerability":"VCID-kjka-a931-uygj"},{"vulnerability":"VCID-v365-pn8r-e7dh"},{"vulnerability":"VCID-zevs-1ge5-y7g7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/urllib3@1.26.5"}],"aliases":["CVE-2021-33503","GHSA-q2q7-5pp4-w6pg","PYSEC-2021-108"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8par-whwz-6kft"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11108?format=json","vulnerability_id":"VCID-969r-9mvk-uyh4","summary":"urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the `Cookie` HTTP header special or provide any helpers for managing cookies over HTTP, that is the responsibility of the user. However, it is possible for a user to specify a `Cookie` header and unknowingly leak information via HTTP redirects to a different origin if that user doesn't disable redirects explicitly. This issue has been patched in urllib3 version 1.26.17 or 2.0.5.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-43804.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-43804.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-43804","reference_id":"","reference_type":"","scores":[{"value":"0.00867","scoring_system":"epss","scoring_elements":"0.75148","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00867","scoring_system":"epss","scoring_elements":"0.75182","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00867","scoring_system":"epss","scoring_elements":"0.7516","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00867","scoring_system":"epss","scoring_elements":"0.75114","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00867","scoring_system":"epss","scoring_elements":"0.75136","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00867","scoring_system":"epss","scoring_elements":"0.75107","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0095","scoring_system":"epss","scoring_elements":"0.76405","published_at":"2026-04-16T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-43804"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43804","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43804"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/urllib3/PYSEC-2023-192.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"7.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/urllib3/PYSEC-2023-192.yaml"},{"reference_url":"https://github.com/urllib3/urllib3","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"7.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/urllib3/urllib3"},{"reference_url":"https://github.com/urllib3/urllib3/commit/01220354d389cd05474713f8c982d05c9b17aafb","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"7.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/urllib3/urllib3/commit/01220354d389cd05474713f8c982d05c9b17aafb"},{"reference_url":"https://github.com/urllib3/urllib3/commit/644124ecd0b6e417c527191f866daa05a5a2056d","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"7.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/urllib3/urllib3/commit/644124ecd0b6e417c527191f866daa05a5a2056d"},{"reference_url":"https://github.com/urllib3/urllib3/security/advisories/GHSA-v845-jxx5-vc9f","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"7.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/urllib3/urllib3/security/advisories/GHSA-v845-jxx5-vc9f"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/10/msg00012.html","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"7.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2023/10/msg00012.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2024/12/msg00020.html","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"7.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2024/12/msg00020.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5F5CUBAN5XMEBVBZPHFITBLMJV5FIJJ5","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"7.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5F5CUBAN5XMEBVBZPHFITBLMJV5FIJJ5"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I3PR7C6RJ6JUBQKIJ644DMIJSUP36VDY","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"7.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I3PR7C6RJ6JUBQKIJ644DMIJSUP36VDY"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NDAGZXYJ7H2G3SB47M453VQVNAWKAEJJ","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"7.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NDAGZXYJ7H2G3SB47M453VQVNAWKAEJJ"},{"reference_url":"https://security.netapp.com/advisory/ntap-20241213-0007","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"7.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20241213-0007"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053626","reference_id":"1053626","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053626"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2242493","reference_id":"2242493","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2242493"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-43804","reference_id":"CVE-2023-43804","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"7.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-43804"},{"reference_url":"https://www.vicarius.io/vsociety/posts/cve-2023-43804-urllib3-vulnerability-3","reference_id":"CVE-2023-43804-URLLIB3-VULNERABILITY-3","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"7.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.vicarius.io/vsociety/posts/cve-2023-43804-urllib3-vulnerability-3"},{"reference_url":"https://github.com/advisories/GHSA-v845-jxx5-vc9f","reference_id":"GHSA-v845-jxx5-vc9f","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-v845-jxx5-vc9f"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:6158","reference_id":"RHSA-2023:6158","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:6158"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:6812","reference_id":"RHSA-2023:6812","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:6812"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7378","reference_id":"RHSA-2023:7378","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:7378"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7385","reference_id":"RHSA-2023:7385","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:7385"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7407","reference_id":"RHSA-2023:7407","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:7407"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7435","reference_id":"RHSA-2023:7435","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:7435"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7523","reference_id":"RHSA-2023:7523","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:7523"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7528","reference_id":"RHSA-2023:7528","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:7528"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7753","reference_id":"RHSA-2023:7753","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:7753"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0116","reference_id":"RHSA-2024:0116","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0116"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0133","reference_id":"RHSA-2024:0133","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0133"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0187","reference_id":"RHSA-2024:0187","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0187"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0300","reference_id":"RHSA-2024:0300","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0300"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0464","reference_id":"RHSA-2024:0464","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0464"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0588","reference_id":"RHSA-2024:0588","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0588"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1383","reference_id":"RHSA-2024:1383","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1383"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2159","reference_id":"RHSA-2024:2159","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2159"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2985","reference_id":"RHSA-2024:2985","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2985"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2986","reference_id":"RHSA-2024:2986","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2986"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2987","reference_id":"RHSA-2024:2987","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2987"},{"reference_url":"https://usn.ubuntu.com/6473-1/","reference_id":"USN-6473-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6473-1/"},{"reference_url":"https://usn.ubuntu.com/6473-2/","reference_id":"USN-6473-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6473-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/38870?format=json","purl":"pkg:pypi/urllib3@1.26.17","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4evk-srqq-fuef"},{"vulnerability":"VCID-5tkp-pxz9-h7c2"},{"vulnerability":"VCID-7wcj-zvjq-xud3"},{"vulnerability":"VCID-kjka-a931-uygj"},{"vulnerability":"VCID-v365-pn8r-e7dh"},{"vulnerability":"VCID-zevs-1ge5-y7g7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/urllib3@1.26.17"},{"url":"http://public2.vulnerablecode.io/api/packages/625413?format=json","purl":"pkg:pypi/urllib3@2.0.0a1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7wcj-zvjq-xud3"},{"vulnerability":"VCID-kjka-a931-uygj"},{"vulnerability":"VCID-v365-pn8r-e7dh"},{"vulnerability":"VCID-zevs-1ge5-y7g7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/urllib3@2.0.0a1"},{"url":"http://public2.vulnerablecode.io/api/packages/38869?format=json","purl":"pkg:pypi/urllib3@2.0.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4evk-srqq-fuef"},{"vulnerability":"VCID-5tkp-pxz9-h7c2"},{"vulnerability":"VCID-7wcj-zvjq-xud3"},{"vulnerability":"VCID-kjka-a931-uygj"},{"vulnerability":"VCID-v365-pn8r-e7dh"},{"vulnerability":"VCID-zevs-1ge5-y7g7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/urllib3@2.0.6"}],"aliases":["CVE-2023-43804","GHSA-v845-jxx5-vc9f","PYSEC-2023-192"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-969r-9mvk-uyh4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5872?format=json","vulnerability_id":"VCID-b3e6-k53t-bkgk","summary":"In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00039.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00039.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00041.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00041.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2272","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:2272"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3335","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:3335"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3590","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:3590"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11236.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11236.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-11236","reference_id":"","reference_type":"","scores":[{"value":"0.00624","scoring_system":"epss","scoring_elements":"0.70106","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00624","scoring_system":"epss","scoring_elements":"0.70121","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00624","scoring_system":"epss","scoring_elements":"0.70098","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00624","scoring_system":"epss","scoring_elements":"0.70145","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00624","scoring_system":"epss","scoring_elements":"0.70161","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00624","scoring_system":"epss","scoring_elements":"0.70185","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00624","scoring_system":"epss","scoring_elements":"0.7017","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00624","scoring_system":"epss","scoring_elements":"0.70158","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00624","scoring_system":"epss","scoring_elements":"0.702","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00624","scoring_system":"epss","scoring_elements":"0.70094","published_at":"2026-04-01T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-11236"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11236","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11236"},{"reference_url":"https://github.com/advisories/GHSA-r64q-w8jr-g9qp","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-r64q-w8jr-g9qp"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/urllib3/PYSEC-2019-132.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/urllib3/PYSEC-2019-132.yaml"},{"reference_url":"https://github.com/urllib3/urllib3","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/urllib3/urllib3"},{"reference_url":"https://github.com/urllib3/urllib3/issues/1553","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/urllib3/urllib3/issues/1553"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/06/msg00016.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2019/06/msg00016.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2021/06/msg00015.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2021/06/msg00015.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/10/msg00012.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2023/10/msg00012.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NKGPJLVLVYCL4L4B4G5TIOTVK4BKPG72/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NKGPJLVLVYCL4L4B4G5TIOTVK4BKPG72/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R62XGEYPUTXMRHGX5I37EBCGQ5COHGKR/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R62XGEYPUTXMRHGX5I37EBCGQ5COHGKR/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TBI45HO533KYHNB5YRO43TBYKA3E3VRL/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TBI45HO533KYHNB5YRO43TBYKA3E3VRL/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XOSA2NT4DUQDBEIWE6O7KKD24XND7TE2/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XOSA2NT4DUQDBEIWE6O7KKD24XND7TE2/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NKGPJLVLVYCL4L4B4G5TIOTVK4BKPG72","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NKGPJLVLVYCL4L4B4G5TIOTVK4BKPG72"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NKGPJLVLVYCL4L4B4G5TIOTVK4BKPG72/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NKGPJLVLVYCL4L4B4G5TIOTVK4BKPG72/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R62XGEYPUTXMRHGX5I37EBCGQ5COHGKR","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R62XGEYPUTXMRHGX5I37EBCGQ5COHGKR"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R62XGEYPUTXMRHGX5I37EBCGQ5COHGKR/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R62XGEYPUTXMRHGX5I37EBCGQ5COHGKR/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TBI45HO533KYHNB5YRO43TBYKA3E3VRL","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TBI45HO533KYHNB5YRO43TBYKA3E3VRL"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TBI45HO533KYHNB5YRO43TBYKA3E3VRL/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TBI45HO533KYHNB5YRO43TBYKA3E3VRL/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XOSA2NT4DUQDBEIWE6O7KKD24XND7TE2","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XOSA2NT4DUQDBEIWE6O7KKD24XND7TE2"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XOSA2NT4DUQDBEIWE6O7KKD24XND7TE2/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XOSA2NT4DUQDBEIWE6O7KKD24XND7TE2/"},{"reference_url":"https://usn.ubuntu.com/3990-1","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/3990-1"},{"reference_url":"https://usn.ubuntu.com/3990-1/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3990-1/"},{"reference_url":"https://usn.ubuntu.com/3990-2","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/3990-2"},{"reference_url":"https://usn.ubuntu.com/3990-2/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3990-2/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1700824","reference_id":"1700824","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1700824"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927172","reference_id":"927172","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927172"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:urllib3:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:python:urllib3:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:urllib3:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-11236","reference_id":"CVE-2019-11236","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:P/A:N"},{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-11236"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0850","reference_id":"RHSA-2020:0850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0850"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0851","reference_id":"RHSA-2020:0851","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0851"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1605","reference_id":"RHSA-2020:1605","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1605"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1916","reference_id":"RHSA-2020:1916","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1916"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2068","reference_id":"RHSA-2020:2068","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2068"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2081","reference_id":"RHSA-2020:2081","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2081"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/8349?format=json","purl":"pkg:pypi/urllib3@1.24.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4evk-srqq-fuef"},{"vulnerability":"VCID-5tkp-pxz9-h7c2"},{"vulnerability":"VCID-7wcj-zvjq-xud3"},{"vulnerability":"VCID-8par-whwz-6kft"},{"vulnerability":"VCID-969r-9mvk-uyh4"},{"vulnerability":"VCID-gxkt-bvtg-gbaj"},{"vulnerability":"VCID-kjka-a931-uygj"},{"vulnerability":"VCID-v365-pn8r-e7dh"},{"vulnerability":"VCID-zevs-1ge5-y7g7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/urllib3@1.24.3"}],"aliases":["CVE-2019-11236","GHSA-r64q-w8jr-g9qp","PYSEC-2019-132"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b3e6-k53t-bkgk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6173?format=json","vulnerability_id":"VCID-gxkt-bvtg-gbaj","summary":"urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). NOTE: this is similar to CVE-2020-26116.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-26137.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-26137.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-26137","reference_id":"","reference_type":"","scores":[{"value":"0.00277","scoring_system":"epss","scoring_elements":"0.51195","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00277","scoring_system":"epss","scoring_elements":"0.51156","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00277","scoring_system":"epss","scoring_elements":"0.51061","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00277","scoring_system":"epss","scoring_elements":"0.51171","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00277","scoring_system":"epss","scoring_elements":"0.51193","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00277","scoring_system":"epss","scoring_elements":"0.51149","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00277","scoring_system":"epss","scoring_elements":"0.51152","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00277","scoring_system":"epss","scoring_elements":"0.51097","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00277","scoring_system":"epss","scoring_elements":"0.51139","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00277","scoring_system":"epss","scoring_elements":"0.51115","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-26137"},{"reference_url":"https://bugs.python.org/issue39603","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.python.org/issue39603"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26137","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26137"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/advisories/GHSA-wqvq-5m8c-6g24","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wqvq-5m8c-6g24"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/urllib3/PYSEC-2020-148.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/urllib3/PYSEC-2020-148.yaml"},{"reference_url":"https://github.com/urllib3/urllib3","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/urllib3/urllib3"},{"reference_url":"https://github.com/urllib3/urllib3/commit/1dd69c5c5982fae7c87a620d487c2ebf7a6b436b","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/urllib3/urllib3/commit/1dd69c5c5982fae7c87a620d487c2ebf7a6b436b"},{"reference_url":"https://github.com/urllib3/urllib3/pull/1800","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/urllib3/urllib3/pull/1800"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2021/06/msg00015.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2021/06/msg00015.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/10/msg00012.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2023/10/msg00012.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-26137","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-26137"},{"reference_url":"https://usn.ubuntu.com/4570-1","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/4570-1"},{"reference_url":"https://usn.ubuntu.com/4570-1/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4570-1/"},{"reference_url":"https://www.oracle.com/security-alerts/cpujul2022.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpujul2022.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuoct2021.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuoct2021.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1883632","reference_id":"1883632","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1883632"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4299","reference_id":"RHSA-2020:4299","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4299"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0034","reference_id":"RHSA-2021:0034","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0034"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0079","reference_id":"RHSA-2021:0079","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0079"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1631","reference_id":"RHSA-2021:1631","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1631"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1761","reference_id":"RHSA-2021:1761","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1761"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5235","reference_id":"RHSA-2022:5235","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5235"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/13447?format=json","purl":"pkg:pypi/urllib3@1.25.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4evk-srqq-fuef"},{"vulnerability":"VCID-5tkp-pxz9-h7c2"},{"vulnerability":"VCID-7wcj-zvjq-xud3"},{"vulnerability":"VCID-8par-whwz-6kft"},{"vulnerability":"VCID-969r-9mvk-uyh4"},{"vulnerability":"VCID-kjka-a931-uygj"},{"vulnerability":"VCID-v365-pn8r-e7dh"},{"vulnerability":"VCID-zevs-1ge5-y7g7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/urllib3@1.25.9"}],"aliases":["CVE-2020-26137","GHSA-wqvq-5m8c-6g24","PYSEC-2020-148"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gxkt-bvtg-gbaj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11155?format=json","vulnerability_id":"VCID-squd-j9t3-9khh","summary":"urllib3 before 1.24.2 does not remove the authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the authorization header to be exposed to unintended hosts or transmitted in cleartext. NOTE: this issue exists because of an incomplete fix for CVE-2018-20060 (which was case-sensitive).","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-25091.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-25091.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-25091","reference_id":"","reference_type":"","scores":[{"value":"0.0025","scoring_system":"epss","scoring_elements":"0.48444","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0025","scoring_system":"epss","scoring_elements":"0.4836","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0025","scoring_system":"epss","scoring_elements":"0.48393","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0025","scoring_system":"epss","scoring_elements":"0.48381","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0025","scoring_system":"epss","scoring_elements":"0.48383","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0025","scoring_system":"epss","scoring_elements":"0.48389","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0025","scoring_system":"epss","scoring_elements":"0.48334","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0025","scoring_system":"epss","scoring_elements":"0.48325","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0025","scoring_system":"epss","scoring_elements":"0.48408","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-25091"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25091","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25091"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/urllib3/PYSEC-2023-207.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/urllib3/PYSEC-2023-207.yaml"},{"reference_url":"https://github.com/urllib3/urllib3","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/urllib3/urllib3"},{"reference_url":"https://github.com/urllib3/urllib3/commit/adb358f8e06865406d1f05e581a16cbea2136fbc","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-16T19:01:32Z/"}],"url":"https://github.com/urllib3/urllib3/commit/adb358f8e06865406d1f05e581a16cbea2136fbc"},{"reference_url":"https://github.com/urllib3/urllib3/compare/1.24.1...1.24.2","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-16T19:01:32Z/"}],"url":"https://github.com/urllib3/urllib3/compare/1.24.1...1.24.2"},{"reference_url":"https://github.com/urllib3/urllib3/issues/1510","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-16T19:01:32Z/"}],"url":"https://github.com/urllib3/urllib3/issues/1510"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2244340","reference_id":"2244340","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2244340"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-25091","reference_id":"CVE-2018-25091","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-25091"},{"reference_url":"https://github.com/advisories/GHSA-gwvm-45gx-3cf8","reference_id":"GHSA-gwvm-45gx-3cf8","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gwvm-45gx-3cf8"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2988","reference_id":"RHSA-2024:2988","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2988"},{"reference_url":"https://usn.ubuntu.com/6473-1/","reference_id":"USN-6473-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6473-1/"},{"reference_url":"https://usn.ubuntu.com/6473-2/","reference_id":"USN-6473-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6473-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/8348?format=json","purl":"pkg:pypi/urllib3@1.24.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4evk-srqq-fuef"},{"vulnerability":"VCID-5tkp-pxz9-h7c2"},{"vulnerability":"VCID-692s-9j5p-gbf1"},{"vulnerability":"VCID-7wcj-zvjq-xud3"},{"vulnerability":"VCID-8par-whwz-6kft"},{"vulnerability":"VCID-969r-9mvk-uyh4"},{"vulnerability":"VCID-b3e6-k53t-bkgk"},{"vulnerability":"VCID-gxkt-bvtg-gbaj"},{"vulnerability":"VCID-kjka-a931-uygj"},{"vulnerability":"VCID-v365-pn8r-e7dh"},{"vulnerability":"VCID-zevs-1ge5-y7g7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/urllib3@1.24.2"}],"aliases":["CVE-2018-25091","GHSA-gwvm-45gx-3cf8","PYSEC-2023-207"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-squd-j9t3-9khh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5814?format=json","vulnerability_id":"VCID-swgb-7b34-h3a9","summary":"urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the Authorization header to be exposed to unintended hosts or transmitted in cleartext.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00039.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00039.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2272","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:2272"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20060.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20060.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20060","reference_id":"","reference_type":"","scores":[{"value":"0.00434","scoring_system":"epss","scoring_elements":"0.62859","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00434","scoring_system":"epss","scoring_elements":"0.62854","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00434","scoring_system":"epss","scoring_elements":"0.62836","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00434","scoring_system":"epss","scoring_elements":"0.62819","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00434","scoring_system":"epss","scoring_elements":"0.62768","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00434","scoring_system":"epss","scoring_elements":"0.62804","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00434","scoring_system":"epss","scoring_elements":"0.62774","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00434","scoring_system":"epss","scoring_elements":"0.62717","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00434","scoring_system":"epss","scoring_elements":"0.62842","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20060"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1649153","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1649153"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20060","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20060"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/advisories/GHSA-www2-v7xj-xrc6","reference_id":"","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-www2-v7xj-xrc6"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/urllib3/PYSEC-2018-32.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/urllib3/PYSEC-2018-32.yaml"},{"reference_url":"https://github.com/urllib3/urllib3","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/urllib3/urllib3"},{"reference_url":"https://github.com/urllib3/urllib3/blob/master/CHANGES.rst","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/urllib3/urllib3/blob/master/CHANGES.rst"},{"reference_url":"https://github.com/urllib3/urllib3/commit/560bd227b90f74417ffaedebf5f8d05a8ee4f532","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/urllib3/urllib3/commit/560bd227b90f74417ffaedebf5f8d05a8ee4f532"},{"reference_url":"https://github.com/urllib3/urllib3/issues/1316","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/urllib3/urllib3/issues/1316"},{"reference_url":"https://github.com/urllib3/urllib3/pull/1346","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/urllib3/urllib3/pull/1346"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2021/06/msg00015.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2021/06/msg00015.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5SJERZEJDSUYQP7BNBXMBHRHGY26HRZD","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5SJERZEJDSUYQP7BNBXMBHRHGY26HRZD"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BXLAXHM3Z6DUCXZ7ZXZ2EAYJXWDCZFCT","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BXLAXHM3Z6DUCXZ7ZXZ2EAYJXWDCZFCT"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWP36YW3KSVLXDBY3QJKDYEPCIMN3VQZ","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWP36YW3KSVLXDBY3QJKDYEPCIMN3VQZ"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5SJERZEJDSUYQP7BNBXMBHRHGY26HRZD","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5SJERZEJDSUYQP7BNBXMBHRHGY26HRZD"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5SJERZEJDSUYQP7BNBXMBHRHGY26HRZD/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5SJERZEJDSUYQP7BNBXMBHRHGY26HRZD/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BXLAXHM3Z6DUCXZ7ZXZ2EAYJXWDCZFCT","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BXLAXHM3Z6DUCXZ7ZXZ2EAYJXWDCZFCT"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BXLAXHM3Z6DUCXZ7ZXZ2EAYJXWDCZFCT/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BXLAXHM3Z6DUCXZ7ZXZ2EAYJXWDCZFCT/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWP36YW3KSVLXDBY3QJKDYEPCIMN3VQZ","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWP36YW3KSVLXDBY3QJKDYEPCIMN3VQZ"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWP36YW3KSVLXDBY3QJKDYEPCIMN3VQZ/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWP36YW3KSVLXDBY3QJKDYEPCIMN3VQZ/"},{"reference_url":"https://security.netapp.com/advisory/ntap-20241227-0010","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20241227-0010"},{"reference_url":"https://usn.ubuntu.com/3990-1","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/3990-1"},{"reference_url":"https://usn.ubuntu.com/3990-1/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3990-1/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-20060","reference_id":"CVE-2018-20060","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-20060"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0850","reference_id":"RHSA-2020:0850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0850"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0851","reference_id":"RHSA-2020:0851","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0851"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1605","reference_id":"RHSA-2020:1605","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1605"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1916","reference_id":"RHSA-2020:1916","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1916"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2068","reference_id":"RHSA-2020:2068","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2068"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2081","reference_id":"RHSA-2020:2081","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2081"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/7651?format=json","purl":"pkg:pypi/urllib3@1.23","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4evk-srqq-fuef"},{"vulnerability":"VCID-5tkp-pxz9-h7c2"},{"vulnerability":"VCID-692s-9j5p-gbf1"},{"vulnerability":"VCID-6kxp-qa5x-q3bq"},{"vulnerability":"VCID-7wcj-zvjq-xud3"},{"vulnerability":"VCID-8par-whwz-6kft"},{"vulnerability":"VCID-969r-9mvk-uyh4"},{"vulnerability":"VCID-b3e6-k53t-bkgk"},{"vulnerability":"VCID-gxkt-bvtg-gbaj"},{"vulnerability":"VCID-kjka-a931-uygj"},{"vulnerability":"VCID-squd-j9t3-9khh"},{"vulnerability":"VCID-x61z-9ntw-x3dh"},{"vulnerability":"VCID-zevs-1ge5-y7g7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/urllib3@1.23"}],"aliases":["CVE-2018-20060","GHSA-www2-v7xj-xrc6","PYSEC-2018-32"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-swgb-7b34-h3a9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/89390?format=json","vulnerability_id":"VCID-x61z-9ntw-x3dh","summary":"The urllib3 library before 1.24.2 for Python mishandles certain cases where the desired set of CA certificates is different from the OS store of CA certificates, which results in SSL connections succeeding in situations where a verification failure is the correct outcome. This is related to use of the ssl_context, ca_certs, or ca_certs_dir argument.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00039.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00039.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00041.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00041.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3335","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3335"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3590","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3590"},{"reference_url":"https://github.com/urllib3/urllib3/compare/a6ec68a...1efadf4","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/urllib3/urllib3/compare/a6ec68a...1efadf4"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NKGPJLVLVYCL4L4B4G5TIOTVK4BKPG72/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NKGPJLVLVYCL4L4B4G5TIOTVK4BKPG72/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XOSA2NT4DUQDBEIWE6O7KKD24XND7TE2/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XOSA2NT4DUQDBEIWE6O7KKD24XND7TE2/"},{"reference_url":"https://usn.ubuntu.com/3990-1/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3990-1/"},{"reference_url":"http://www.openwall.com/lists/oss-security/2019/04/19/1","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2019/04/19/1"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/8348?format=json","purl":"pkg:pypi/urllib3@1.24.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4evk-srqq-fuef"},{"vulnerability":"VCID-5tkp-pxz9-h7c2"},{"vulnerability":"VCID-692s-9j5p-gbf1"},{"vulnerability":"VCID-7wcj-zvjq-xud3"},{"vulnerability":"VCID-8par-whwz-6kft"},{"vulnerability":"VCID-969r-9mvk-uyh4"},{"vulnerability":"VCID-b3e6-k53t-bkgk"},{"vulnerability":"VCID-gxkt-bvtg-gbaj"},{"vulnerability":"VCID-kjka-a931-uygj"},{"vulnerability":"VCID-v365-pn8r-e7dh"},{"vulnerability":"VCID-zevs-1ge5-y7g7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/urllib3@1.24.2"}],"aliases":["PYSEC-2019-63"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x61z-9ntw-x3dh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/23760?format=json","vulnerability_id":"VCID-zevs-1ge5-y7g7","summary":"urllib3 streaming API improperly handles highly compressed data\nurllib3's [streaming API](https://urllib3.readthedocs.io/en/2.5.0/advanced-usage.html#streaming-and-i-o) is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once.\n\nWhen streaming a compressed response, urllib3 can perform decoding or decompression based on the HTTP `Content-Encoding` header (e.g., `gzip`, `deflate`, `br`, or `zstd`). The library must read compressed data from the network and decompress it until the requested chunk size is met. Any resulting decompressed data that exceeds the requested amount is held in an internal buffer for the next read operation.\n\nThe decompression logic could cause urllib3 to fully decode a small amount of highly compressed data in a single operation. This can result in excessive resource consumption (high CPU usage and massive memory allocation for the decompressed data; CWE-409) on the client side, even if the application only requested a small chunk of data.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-66471.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-66471.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-66471","reference_id":"","reference_type":"","scores":[{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07482","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.0744","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.09034","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.08924","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.09002","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.08985","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.08998","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-66471"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66471","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66471"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/urllib3/urllib3","reference_id":"","reference_type":"","scores":[{"value":"8.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/urllib3/urllib3"},{"reference_url":"https://github.com/urllib3/urllib3/commit/c19571de34c47de3a766541b041637ba5f716ed7","reference_id":"","reference_type":"","scores":[{"value":"8.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-05T19:32:57Z/"}],"url":"https://github.com/urllib3/urllib3/commit/c19571de34c47de3a766541b041637ba5f716ed7"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1122029","reference_id":"1122029","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1122029"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2419467","reference_id":"2419467","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2419467"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-66471","reference_id":"CVE-2025-66471","reference_type":"","scores":[{"value":"8.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-66471"},{"reference_url":"https://github.com/advisories/GHSA-2xpw-w6gg-jr37","reference_id":"GHSA-2xpw-w6gg-jr37","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2xpw-w6gg-jr37"},{"reference_url":"https://github.com/urllib3/urllib3/security/advisories/GHSA-2xpw-w6gg-jr37","reference_id":"GHSA-2xpw-w6gg-jr37","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-05T19:32:57Z/"}],"url":"https://github.com/urllib3/urllib3/security/advisories/GHSA-2xpw-w6gg-jr37"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0981","reference_id":"RHSA-2026:0981","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0981"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0990","reference_id":"RHSA-2026:0990","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0990"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1038","reference_id":"RHSA-2026:1038","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1038"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1041","reference_id":"RHSA-2026:1041","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1041"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1042","reference_id":"RHSA-2026:1042","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1042"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1086","reference_id":"RHSA-2026:1086","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1086"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1087","reference_id":"RHSA-2026:1087","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1087"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1088","reference_id":"RHSA-2026:1088","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1088"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1089","reference_id":"RHSA-2026:1089","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1089"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1166","reference_id":"RHSA-2026:1166","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1166"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1168","reference_id":"RHSA-2026:1168","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1168"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1176","reference_id":"RHSA-2026:1176","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1176"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1224","reference_id":"RHSA-2026:1224","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1224"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1226","reference_id":"RHSA-2026:1226","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1226"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1239","reference_id":"RHSA-2026:1239","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1239"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1240","reference_id":"RHSA-2026:1240","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1240"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1241","reference_id":"RHSA-2026:1241","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1241"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1249","reference_id":"RHSA-2026:1249","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1249"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1254","reference_id":"RHSA-2026:1254","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1254"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1485","reference_id":"RHSA-2026:1485","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1485"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1497","reference_id":"RHSA-2026:1497","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1497"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1504","reference_id":"RHSA-2026:1504","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1504"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1506","reference_id":"RHSA-2026:1506","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1506"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1546","reference_id":"RHSA-2026:1546","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1546"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1596","reference_id":"RHSA-2026:1596","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1596"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1599","reference_id":"RHSA-2026:1599","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1599"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1600","reference_id":"RHSA-2026:1600","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1600"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1609","reference_id":"RHSA-2026:1609","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1609"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1618","reference_id":"RHSA-2026:1618","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1618"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1619","reference_id":"RHSA-2026:1619","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1619"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1652","reference_id":"RHSA-2026:1652","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1652"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1674","reference_id":"RHSA-2026:1674","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1674"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1676","reference_id":"RHSA-2026:1676","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1676"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1693","reference_id":"RHSA-2026:1693","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1693"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1704","reference_id":"RHSA-2026:1704","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1704"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1706","reference_id":"RHSA-2026:1706","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1706"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1712","reference_id":"RHSA-2026:1712","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1712"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1717","reference_id":"RHSA-2026:1717","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1717"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1726","reference_id":"RHSA-2026:1726","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1726"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1729","reference_id":"RHSA-2026:1729","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1729"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1730","reference_id":"RHSA-2026:1730","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1730"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1734","reference_id":"RHSA-2026:1734","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1734"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1735","reference_id":"RHSA-2026:1735","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1735"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1736","reference_id":"RHSA-2026:1736","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1736"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1791","reference_id":"RHSA-2026:1791","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1791"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1792","reference_id":"RHSA-2026:1792","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1792"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1793","reference_id":"RHSA-2026:1793","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1793"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1794","reference_id":"RHSA-2026:1794","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1794"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1795","reference_id":"RHSA-2026:1795","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1795"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1803","reference_id":"RHSA-2026:1803","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1803"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1805","reference_id":"RHSA-2026:1805","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1805"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1942","reference_id":"RHSA-2026:1942","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1942"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1957","reference_id":"RHSA-2026:1957","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1957"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2060","reference_id":"RHSA-2026:2060","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2060"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2106","reference_id":"RHSA-2026:2106","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2106"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2126","reference_id":"RHSA-2026:2126","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2126"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2137","reference_id":"RHSA-2026:2137","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2137"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2139","reference_id":"RHSA-2026:2139","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2139"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2144","reference_id":"RHSA-2026:2144","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2144"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2256","reference_id":"RHSA-2026:2256","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2256"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2456","reference_id":"RHSA-2026:2456","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2456"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2500","reference_id":"RHSA-2026:2500","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2500"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2563","reference_id":"RHSA-2026:2563","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2563"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2681","reference_id":"RHSA-2026:2681","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2681"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2695","reference_id":"RHSA-2026:2695","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2695"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2717","reference_id":"RHSA-2026:2717","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2717"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2718","reference_id":"RHSA-2026:2718","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2718"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2723","reference_id":"RHSA-2026:2723","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2723"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2728","reference_id":"RHSA-2026:2728","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2728"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2737","reference_id":"RHSA-2026:2737","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2737"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2760","reference_id":"RHSA-2026:2760","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2760"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2762","reference_id":"RHSA-2026:2762","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2762"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2764","reference_id":"RHSA-2026:2764","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2764"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2765","reference_id":"RHSA-2026:2765","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2765"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2800","reference_id":"RHSA-2026:2800","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2800"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2900","reference_id":"RHSA-2026:2900","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2900"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2919","reference_id":"RHSA-2026:2919","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2919"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2924","reference_id":"RHSA-2026:2924","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2924"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2925","reference_id":"RHSA-2026:2925","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2925"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2926","reference_id":"RHSA-2026:2926","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2926"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3296","reference_id":"RHSA-2026:3296","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3296"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3406","reference_id":"RHSA-2026:3406","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3406"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3444","reference_id":"RHSA-2026:3444","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3444"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3461","reference_id":"RHSA-2026:3461","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3461"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3462","reference_id":"RHSA-2026:3462","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3462"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3713","reference_id":"RHSA-2026:3713","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3713"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3782","reference_id":"RHSA-2026:3782","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3782"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3869","reference_id":"RHSA-2026:3869","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3869"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3874","reference_id":"RHSA-2026:3874","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3874"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3960","reference_id":"RHSA-2026:3960","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3960"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4185","reference_id":"RHSA-2026:4185","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4185"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4215","reference_id":"RHSA-2026:4215","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4215"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4271","reference_id":"RHSA-2026:4271","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4271"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4466","reference_id":"RHSA-2026:4466","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4466"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4467","reference_id":"RHSA-2026:4467","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4467"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5459","reference_id":"RHSA-2026:5459","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5459"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5549","reference_id":"RHSA-2026:5549","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5549"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6055","reference_id":"RHSA-2026:6055","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6055"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6292","reference_id":"RHSA-2026:6292","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6292"},{"reference_url":"https://usn.ubuntu.com/7927-1/","reference_id":"USN-7927-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7927-1/"},{"reference_url":"https://usn.ubuntu.com/7927-2/","reference_id":"USN-7927-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7927-2/"},{"reference_url":"https://usn.ubuntu.com/7927-3/","reference_id":"USN-7927-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7927-3/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/66768?format=json","purl":"pkg:pypi/urllib3@2.6.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-kjka-a931-uygj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/urllib3@2.6.0"}],"aliases":["CVE-2025-66471","GHSA-2xpw-w6gg-jr37"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zevs-1ge5-y7g7"}],"fixing_vulnerabilities":[],"risk_score":"4.5","resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/urllib3@1.1"}