Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:pypi/urllib3@1.13
Typepypi
Namespace
Nameurllib3
Version1.13
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version2.6.3
Latest_non_vulnerable_version2.6.3
Affected_by_vulnerabilities
0
url VCID-4evk-srqq-fuef
vulnerability_id VCID-4evk-srqq-fuef
summary urllib3 is a user-friendly HTTP client library for Python. urllib3 previously wouldn't remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303 after the request had its method changed from one that could accept a request body (like `POST`) to `GET` as is required by HTTP RFCs. Although this behavior is not specified in the section for redirects, it can be inferred by piecing together information from different sections and we have observed the behavior in other major HTTP client implementations like curl and web browsers. Because the vulnerability requires a previously trusted service to become compromised in order to have an impact on confidentiality we believe the exploitability of this vulnerability is low. Additionally, many users aren't putting sensitive data in HTTP request bodies, if this is the case then this vulnerability isn't exploitable. Both of the following conditions must be true to be affected by this vulnerability: 1. Using urllib3 and submitting sensitive information in the HTTP request body (such as form data or JSON) and 2. The origin service is compromised and starts redirecting using 301, 302, or 303 to a malicious peer or the redirected-to service becomes compromised. This issue has been addressed in versions 1.26.18 and 2.0.7 and users are advised to update to resolve this issue. Users unable to update should disable redirects for services that aren't expecting to respond with redirects with `redirects=False` and disable automatic redirects with `redirects=False` and handle 301, 302, and 303 redirects manually by stripping the HTTP request body.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45803.json
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45803.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-45803
reference_id
reference_type
scores
0
value 0.00051
scoring_system epss
scoring_elements 0.15748
published_at 2026-04-16T12:55:00Z
1
value 0.00051
scoring_system epss
scoring_elements 0.15824
published_at 2026-04-13T12:55:00Z
2
value 0.00051
scoring_system epss
scoring_elements 0.15944
published_at 2026-04-02T12:55:00Z
3
value 0.00051
scoring_system epss
scoring_elements 0.15931
published_at 2026-04-11T12:55:00Z
4
value 0.00051
scoring_system epss
scoring_elements 0.16009
published_at 2026-04-04T12:55:00Z
5
value 0.00051
scoring_system epss
scoring_elements 0.15807
published_at 2026-04-07T12:55:00Z
6
value 0.00051
scoring_system epss
scoring_elements 0.15893
published_at 2026-04-12T12:55:00Z
7
value 0.00051
scoring_system epss
scoring_elements 0.15954
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-45803
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45803
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45803
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/urllib3/PYSEC-2023-212.yaml
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value 5.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/urllib3/PYSEC-2023-212.yaml
5
reference_url https://github.com/urllib3/urllib3
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value 5.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/urllib3/urllib3
6
reference_url https://github.com/urllib3/urllib3/commit/4e50fbc5db74e32cabd5ccc1ab81fc103adfe0b3
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value 5.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/urllib3/urllib3/commit/4e50fbc5db74e32cabd5ccc1ab81fc103adfe0b3
7
reference_url https://github.com/urllib3/urllib3/commit/4e98d57809dacab1cbe625fddeec1a290c478ea9
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value 5.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-13T15:56:19Z/
url https://github.com/urllib3/urllib3/commit/4e98d57809dacab1cbe625fddeec1a290c478ea9
8
reference_url https://github.com/urllib3/urllib3/commit/b594c5ceaca38e1ac215f916538fb128e3526a36
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value 5.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/urllib3/urllib3/commit/b594c5ceaca38e1ac215f916538fb128e3526a36
9
reference_url https://github.com/urllib3/urllib3/releases/tag/1.26.18
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value 5.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/urllib3/urllib3/releases/tag/1.26.18
10
reference_url https://github.com/urllib3/urllib3/releases/tag/2.0.7
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value 5.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/urllib3/urllib3/releases/tag/2.0.7
11
reference_url https://github.com/urllib3/urllib3/security/advisories/GHSA-g4mx-q9vg-27p4
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 5.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-13T15:56:19Z/
url https://github.com/urllib3/urllib3/security/advisories/GHSA-g4mx-q9vg-27p4
12
reference_url https://lists.debian.org/debian-lts-announce/2024/12/msg00020.html
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value 5.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2024/12/msg00020.html
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4R2Y5XK3WALSR3FNAGN7JBYV2B343ZKB
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value 5.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4R2Y5XK3WALSR3FNAGN7JBYV2B343ZKB
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5F5CUBAN5XMEBVBZPHFITBLMJV5FIJJ5
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value 5.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5F5CUBAN5XMEBVBZPHFITBLMJV5FIJJ5
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PPDPLM6UUMN55ESPQWJFLLIZY4ZKCNRX
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value 5.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PPDPLM6UUMN55ESPQWJFLLIZY4ZKCNRX
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PPDPLM6UUMN55ESPQWJFLLIZY4ZKCNRX/
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-13T15:56:19Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PPDPLM6UUMN55ESPQWJFLLIZY4ZKCNRX/
17
reference_url https://www.rfc-editor.org/rfc/rfc9110.html#name-get
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value 5.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-13T15:56:19Z/
url https://www.rfc-editor.org/rfc/rfc9110.html#name-get
18
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054226
reference_id 1054226
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054226
19
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2246840
reference_id 2246840
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2246840
20
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4R2Y5XK3WALSR3FNAGN7JBYV2B343ZKB/
reference_id 4R2Y5XK3WALSR3FNAGN7JBYV2B343ZKB
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-13T15:56:19Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4R2Y5XK3WALSR3FNAGN7JBYV2B343ZKB/
21
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5F5CUBAN5XMEBVBZPHFITBLMJV5FIJJ5/
reference_id 5F5CUBAN5XMEBVBZPHFITBLMJV5FIJJ5
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-13T15:56:19Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5F5CUBAN5XMEBVBZPHFITBLMJV5FIJJ5/
22
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-45803
reference_id CVE-2023-45803
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value 5.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-45803
23
reference_url https://github.com/advisories/GHSA-g4mx-q9vg-27p4
reference_id GHSA-g4mx-q9vg-27p4
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-g4mx-q9vg-27p4
24
reference_url https://access.redhat.com/errata/RHSA-2023:7851
reference_id RHSA-2023:7851
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7851
25
reference_url https://access.redhat.com/errata/RHSA-2024:0116
reference_id RHSA-2024:0116
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0116
26
reference_url https://access.redhat.com/errata/RHSA-2024:0300
reference_id RHSA-2024:0300
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0300
27
reference_url https://access.redhat.com/errata/RHSA-2024:0464
reference_id RHSA-2024:0464
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0464
28
reference_url https://access.redhat.com/errata/RHSA-2024:0588
reference_id RHSA-2024:0588
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0588
29
reference_url https://access.redhat.com/errata/RHSA-2024:11189
reference_id RHSA-2024:11189
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:11189
30
reference_url https://access.redhat.com/errata/RHSA-2024:11238
reference_id RHSA-2024:11238
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:11238
31
reference_url https://access.redhat.com/errata/RHSA-2024:1155
reference_id RHSA-2024:1155
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1155
32
reference_url https://access.redhat.com/errata/RHSA-2024:1383
reference_id RHSA-2024:1383
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1383
33
reference_url https://access.redhat.com/errata/RHSA-2024:2132
reference_id RHSA-2024:2132
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2132
34
reference_url https://access.redhat.com/errata/RHSA-2024:2734
reference_id RHSA-2024:2734
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2734
35
reference_url https://access.redhat.com/errata/RHSA-2024:2952
reference_id RHSA-2024:2952
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2952
36
reference_url https://access.redhat.com/errata/RHSA-2024:2968
reference_id RHSA-2024:2968
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2968
37
reference_url https://access.redhat.com/errata/RHSA-2024:2988
reference_id RHSA-2024:2988
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2988
38
reference_url https://access.redhat.com/errata/RHSA-2025:0078
reference_id RHSA-2025:0078
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0078
39
reference_url https://access.redhat.com/errata/RHSA-2025:1793
reference_id RHSA-2025:1793
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1793
40
reference_url https://access.redhat.com/errata/RHSA-2025:1813
reference_id RHSA-2025:1813
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1813
41
reference_url https://usn.ubuntu.com/6473-1/
reference_id USN-6473-1
reference_type
scores
url https://usn.ubuntu.com/6473-1/
42
reference_url https://usn.ubuntu.com/6473-2/
reference_id USN-6473-2
reference_type
scores
url https://usn.ubuntu.com/6473-2/
43
reference_url https://usn.ubuntu.com/7762-1/
reference_id USN-7762-1
reference_type
scores
url https://usn.ubuntu.com/7762-1/
fixed_packages
0
url pkg:pypi/urllib3@1.26.18
purl pkg:pypi/urllib3@1.26.18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5tkp-pxz9-h7c2
1
vulnerability VCID-7wcj-zvjq-xud3
2
vulnerability VCID-kjka-a931-uygj
3
vulnerability VCID-v365-pn8r-e7dh
4
vulnerability VCID-zevs-1ge5-y7g7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/urllib3@1.26.18
1
url pkg:pypi/urllib3@2.0.0a1
purl pkg:pypi/urllib3@2.0.0a1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7wcj-zvjq-xud3
1
vulnerability VCID-kjka-a931-uygj
2
vulnerability VCID-v365-pn8r-e7dh
3
vulnerability VCID-zevs-1ge5-y7g7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/urllib3@2.0.0a1
2
url pkg:pypi/urllib3@2.0.7
purl pkg:pypi/urllib3@2.0.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5tkp-pxz9-h7c2
1
vulnerability VCID-7wcj-zvjq-xud3
2
vulnerability VCID-kjka-a931-uygj
3
vulnerability VCID-v365-pn8r-e7dh
4
vulnerability VCID-zevs-1ge5-y7g7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/urllib3@2.0.7
aliases CVE-2023-45803, GHSA-g4mx-q9vg-27p4, PYSEC-2023-212
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4evk-srqq-fuef
1
url VCID-5tkp-pxz9-h7c2
vulnerability_id VCID-5tkp-pxz9-h7c2
summary 
urllib3's Proxy-Authorization request header isn't stripped during cross-origin redirects
When using urllib3's proxy support with `ProxyManager`, the `Proxy-Authorization` header is only sent to the configured proxy, as expected.

However, when sending HTTP requests *without* using urllib3's proxy support, it's possible to accidentally configure the `Proxy-Authorization` header even though it won't have any effect as the request is not using a forwarding proxy or a tunneling proxy. In those cases, urllib3 doesn't treat the `Proxy-Authorization` HTTP header as one carrying authentication material and thus doesn't strip the header on cross-origin redirects.

Because this is a highly unlikely scenario, we believe the severity of this vulnerability is low for almost all users. Out of an abundance of caution urllib3 will automatically strip the `Proxy-Authorization` header during cross-origin redirects to avoid the small chance that users are doing this on accident.

Users should use urllib3's proxy support or disable automatic redirects to achieve safe processing of the `Proxy-Authorization` header, but we still decided to strip the header by default in order to further protect users who aren't using the correct approach.

## Affected usages

We believe the number of usages affected by this advisory is low. It requires all of the following to be true to be exploited:

* Setting the `Proxy-Authorization` header without using urllib3's built-in proxy support.
* Not disabling HTTP redirects.
* Either not using an HTTPS origin server or for the proxy or target origin to redirect to a malicious origin.

## Remediation

* Using the `Proxy-Authorization` header with urllib3's `ProxyManager`.
* Disabling HTTP redirects using `redirects=False` when sending requests.
* Not using the `Proxy-Authorization` header.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-37891.json
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-37891.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-37891
reference_id
reference_type
scores
0
value 0.00256
scoring_system epss
scoring_elements 0.4902
published_at 2026-04-16T12:55:00Z
1
value 0.00256
scoring_system epss
scoring_elements 0.48973
published_at 2026-04-13T12:55:00Z
2
value 0.00256
scoring_system epss
scoring_elements 0.48966
published_at 2026-04-12T12:55:00Z
3
value 0.00256
scoring_system epss
scoring_elements 0.48978
published_at 2026-04-08T12:55:00Z
4
value 0.00256
scoring_system epss
scoring_elements 0.48992
published_at 2026-04-11T12:55:00Z
5
value 0.00256
scoring_system epss
scoring_elements 0.48975
published_at 2026-04-09T12:55:00Z
6
value 0.00256
scoring_system epss
scoring_elements 0.48924
published_at 2026-04-07T12:55:00Z
7
value 0.00263
scoring_system epss
scoring_elements 0.49702
published_at 2026-04-04T12:55:00Z
8
value 0.00263
scoring_system epss
scoring_elements 0.49674
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-37891
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37891
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37891
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/urllib3/urllib3
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/urllib3/urllib3
5
reference_url https://github.com/urllib3/urllib3/commit/40b6d1605814dd1db0a46e202d6e56f2e4c9a468
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/urllib3/urllib3/commit/40b6d1605814dd1db0a46e202d6e56f2e4c9a468
6
reference_url https://github.com/urllib3/urllib3/commit/accff72ecc2f6cf5a76d9570198a93ac7c90270e
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-18T13:49:45Z/
url https://github.com/urllib3/urllib3/commit/accff72ecc2f6cf5a76d9570198a93ac7c90270e
7
reference_url https://github.com/urllib3/urllib3/security/advisories/GHSA-34jh-p97f-mpxf
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-18T13:49:45Z/
url https://github.com/urllib3/urllib3/security/advisories/GHSA-34jh-p97f-mpxf
8
reference_url https://lists.debian.org/debian-lts-announce/2024/12/msg00020.html
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2024/12/msg00020.html
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-37891
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-37891
10
reference_url https://security.netapp.com/advisory/ntap-20240822-0003
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20240822-0003
11
reference_url https://www.vicarius.io/vsociety/posts/proxy-authorization-header-handling-vulnerability-in-urllib3-cve-2024-37891
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.vicarius.io/vsociety/posts/proxy-authorization-header-handling-vulnerability-in-urllib3-cve-2024-37891
12
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074149
reference_id 1074149
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074149
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2292788
reference_id 2292788
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2292788
14
reference_url https://github.com/advisories/GHSA-34jh-p97f-mpxf
reference_id GHSA-34jh-p97f-mpxf
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-34jh-p97f-mpxf
15
reference_url https://access.redhat.com/errata/RHSA-2024:4422
reference_id RHSA-2024:4422
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4422
16
reference_url https://access.redhat.com/errata/RHSA-2024:4730
reference_id RHSA-2024:4730
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4730
17
reference_url https://access.redhat.com/errata/RHSA-2024:4744
reference_id RHSA-2024:4744
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4744
18
reference_url https://access.redhat.com/errata/RHSA-2024:4746
reference_id RHSA-2024:4746
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4746
19
reference_url https://access.redhat.com/errata/RHSA-2024:5041
reference_id RHSA-2024:5041
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5041
20
reference_url https://access.redhat.com/errata/RHSA-2024:5309
reference_id RHSA-2024:5309
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5309
21
reference_url https://access.redhat.com/errata/RHSA-2024:5526
reference_id RHSA-2024:5526
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5526
22
reference_url https://access.redhat.com/errata/RHSA-2024:5622
reference_id RHSA-2024:5622
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5622
23
reference_url https://access.redhat.com/errata/RHSA-2024:5627
reference_id RHSA-2024:5627
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5627
24
reference_url https://access.redhat.com/errata/RHSA-2024:5633
reference_id RHSA-2024:5633
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5633
25
reference_url https://access.redhat.com/errata/RHSA-2024:6162
reference_id RHSA-2024:6162
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:6162
26
reference_url https://access.redhat.com/errata/RHSA-2024:6239
reference_id RHSA-2024:6239
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:6239
27
reference_url https://access.redhat.com/errata/RHSA-2024:6240
reference_id RHSA-2024:6240
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:6240
28
reference_url https://access.redhat.com/errata/RHSA-2024:6309
reference_id RHSA-2024:6309
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:6309
29
reference_url https://access.redhat.com/errata/RHSA-2024:6310
reference_id RHSA-2024:6310
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:6310
30
reference_url https://access.redhat.com/errata/RHSA-2024:6311
reference_id RHSA-2024:6311
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:6311
31
reference_url https://access.redhat.com/errata/RHSA-2024:6358
reference_id RHSA-2024:6358
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:6358
32
reference_url https://access.redhat.com/errata/RHSA-2024:7312
reference_id RHSA-2024:7312
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:7312
33
reference_url https://access.redhat.com/errata/RHSA-2024:8035
reference_id RHSA-2024:8035
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:8035
34
reference_url https://access.redhat.com/errata/RHSA-2024:8842
reference_id RHSA-2024:8842
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:8842
35
reference_url https://access.redhat.com/errata/RHSA-2024:8843
reference_id RHSA-2024:8843
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:8843
36
reference_url https://access.redhat.com/errata/RHSA-2024:8906
reference_id RHSA-2024:8906
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:8906
37
reference_url https://access.redhat.com/errata/RHSA-2024:9457
reference_id RHSA-2024:9457
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:9457
38
reference_url https://access.redhat.com/errata/RHSA-2024:9458
reference_id RHSA-2024:9458
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:9458
39
reference_url https://access.redhat.com/errata/RHSA-2024:9922
reference_id RHSA-2024:9922
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:9922
40
reference_url https://access.redhat.com/errata/RHSA-2024:9923
reference_id RHSA-2024:9923
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:9923
41
reference_url https://access.redhat.com/errata/RHSA-2024:9985
reference_id RHSA-2024:9985
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:9985
42
reference_url https://usn.ubuntu.com/7084-1/
reference_id USN-7084-1
reference_type
scores
url https://usn.ubuntu.com/7084-1/
43
reference_url https://usn.ubuntu.com/7084-2/
reference_id USN-7084-2
reference_type
scores
url https://usn.ubuntu.com/7084-2/
fixed_packages
0
url pkg:pypi/urllib3@1.26.19
purl pkg:pypi/urllib3@1.26.19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7wcj-zvjq-xud3
1
vulnerability VCID-kjka-a931-uygj
2
vulnerability VCID-v365-pn8r-e7dh
3
vulnerability VCID-zevs-1ge5-y7g7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/urllib3@1.26.19
1
url pkg:pypi/urllib3@2.0.0a1
purl pkg:pypi/urllib3@2.0.0a1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7wcj-zvjq-xud3
1
vulnerability VCID-kjka-a931-uygj
2
vulnerability VCID-v365-pn8r-e7dh
3
vulnerability VCID-zevs-1ge5-y7g7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/urllib3@2.0.0a1
2
url pkg:pypi/urllib3@2.2.2
purl pkg:pypi/urllib3@2.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7wcj-zvjq-xud3
1
vulnerability VCID-dxkv-8f9g-47e9
2
vulnerability VCID-kjka-a931-uygj
3
vulnerability VCID-v365-pn8r-e7dh
4
vulnerability VCID-zevs-1ge5-y7g7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/urllib3@2.2.2
aliases CVE-2024-37891, GHSA-34jh-p97f-mpxf
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5tkp-pxz9-h7c2
2
url VCID-692s-9j5p-gbf1
vulnerability_id VCID-692s-9j5p-gbf1
summary In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00039.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00039.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00041.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00041.html
2
reference_url https://access.redhat.com/errata/RHSA-2019:2272
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:2272
3
reference_url https://access.redhat.com/errata/RHSA-2019:3335
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:3335
4
reference_url https://access.redhat.com/errata/RHSA-2019:3590
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:3590
5
reference_url https://github.com/urllib3/urllib3/issues/1553
reference_id
reference_type
scores
url https://github.com/urllib3/urllib3/issues/1553
6
reference_url https://lists.debian.org/debian-lts-announce/2019/06/msg00016.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2019/06/msg00016.html
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NKGPJLVLVYCL4L4B4G5TIOTVK4BKPG72/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NKGPJLVLVYCL4L4B4G5TIOTVK4BKPG72/
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R62XGEYPUTXMRHGX5I37EBCGQ5COHGKR/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R62XGEYPUTXMRHGX5I37EBCGQ5COHGKR/
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TBI45HO533KYHNB5YRO43TBYKA3E3VRL/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TBI45HO533KYHNB5YRO43TBYKA3E3VRL/
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XOSA2NT4DUQDBEIWE6O7KKD24XND7TE2/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XOSA2NT4DUQDBEIWE6O7KKD24XND7TE2/
11
reference_url https://usn.ubuntu.com/3990-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/3990-1/
12
reference_url https://usn.ubuntu.com/3990-2/
reference_id
reference_type
scores
url https://usn.ubuntu.com/3990-2/
fixed_packages
0
url pkg:pypi/urllib3@1.24.3
purl pkg:pypi/urllib3@1.24.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4evk-srqq-fuef
1
vulnerability VCID-5tkp-pxz9-h7c2
2
vulnerability VCID-7wcj-zvjq-xud3
3
vulnerability VCID-8par-whwz-6kft
4
vulnerability VCID-969r-9mvk-uyh4
5
vulnerability VCID-gxkt-bvtg-gbaj
6
vulnerability VCID-kjka-a931-uygj
7
vulnerability VCID-v365-pn8r-e7dh
8
vulnerability VCID-zevs-1ge5-y7g7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/urllib3@1.24.3
aliases PYSEC-2019-62
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-692s-9j5p-gbf1
3
url VCID-6kxp-qa5x-q3bq
vulnerability_id VCID-6kxp-qa5x-q3bq
summary The urllib3 library before 1.24.2 for Python mishandles certain cases where the desired set of CA certificates is different from the OS store of CA certificates, which results in SSL connections succeeding in situations where a verification failure is the correct outcome. This is related to use of the ssl_context, ca_certs, or ca_certs_dir argument.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00039.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00039.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00041.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00041.html
2
reference_url https://access.redhat.com/errata/RHSA-2019:3335
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:3335
3
reference_url https://access.redhat.com/errata/RHSA-2019:3590
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:3590
4
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11324.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11324.json
5
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-11324
reference_id
reference_type
scores
0
value 0.01315
scoring_system epss
scoring_elements 0.7984
published_at 2026-04-13T12:55:00Z
1
value 0.01315
scoring_system epss
scoring_elements 0.79848
published_at 2026-04-12T12:55:00Z
2
value 0.01315
scoring_system epss
scoring_elements 0.79865
published_at 2026-04-11T12:55:00Z
3
value 0.01315
scoring_system epss
scoring_elements 0.79843
published_at 2026-04-09T12:55:00Z
4
value 0.01315
scoring_system epss
scoring_elements 0.79835
published_at 2026-04-08T12:55:00Z
5
value 0.01315
scoring_system epss
scoring_elements 0.79806
published_at 2026-04-07T12:55:00Z
6
value 0.01315
scoring_system epss
scoring_elements 0.79819
published_at 2026-04-04T12:55:00Z
7
value 0.01315
scoring_system epss
scoring_elements 0.79798
published_at 2026-04-02T12:55:00Z
8
value 0.01315
scoring_system epss
scoring_elements 0.7979
published_at 2026-04-01T12:55:00Z
9
value 0.01315
scoring_system epss
scoring_elements 0.79868
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-11324
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11324
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11324
7
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
8
reference_url https://github.com/advisories/GHSA-mh33-7rrq-662w
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-mh33-7rrq-662w
9
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/urllib3/PYSEC-2019-133.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/urllib3/PYSEC-2019-133.yaml
10
reference_url https://github.com/urllib3/urllib3
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/urllib3/urllib3
11
reference_url https://github.com/urllib3/urllib3/commit/1efadf43dc63317cd9eaa3e0fdb9e05ab07254b1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/urllib3/urllib3/commit/1efadf43dc63317cd9eaa3e0fdb9e05ab07254b1
12
reference_url https://github.com/urllib3/urllib3/compare/a6ec68a...1efadf4
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/urllib3/urllib3/compare/a6ec68a...1efadf4
13
reference_url https://lists.debian.org/debian-lts-announce/2021/06/msg00015.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2021/06/msg00015.html
14
reference_url https://lists.debian.org/debian-lts-announce/2023/10/msg00012.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2023/10/msg00012.html
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NKGPJLVLVYCL4L4B4G5TIOTVK4BKPG72
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NKGPJLVLVYCL4L4B4G5TIOTVK4BKPG72
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NKGPJLVLVYCL4L4B4G5TIOTVK4BKPG72/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NKGPJLVLVYCL4L4B4G5TIOTVK4BKPG72/
17
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XOSA2NT4DUQDBEIWE6O7KKD24XND7TE2
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XOSA2NT4DUQDBEIWE6O7KKD24XND7TE2
18
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XOSA2NT4DUQDBEIWE6O7KKD24XND7TE2/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XOSA2NT4DUQDBEIWE6O7KKD24XND7TE2/
19
reference_url https://pypi.org/project/urllib3/1.24.2
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://pypi.org/project/urllib3/1.24.2
20
reference_url https://usn.ubuntu.com/3990-1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/3990-1
21
reference_url https://usn.ubuntu.com/3990-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/3990-1/
22
reference_url http://www.openwall.com/lists/oss-security/2019/04/19/1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2019/04/19/1
23
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1702473
reference_id 1702473
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1702473
24
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927412
reference_id 927412
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927412
25
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-11324
reference_id CVE-2019-11324
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-11324
26
reference_url https://access.redhat.com/errata/RHSA-2020:0850
reference_id RHSA-2020:0850
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:0850
27
reference_url https://access.redhat.com/errata/RHSA-2020:1605
reference_id RHSA-2020:1605
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:1605
28
reference_url https://access.redhat.com/errata/RHSA-2020:1916
reference_id RHSA-2020:1916
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:1916
29
reference_url https://access.redhat.com/errata/RHSA-2020:2068
reference_id RHSA-2020:2068
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2068
fixed_packages
0
url pkg:pypi/urllib3@1.24.2
purl pkg:pypi/urllib3@1.24.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4evk-srqq-fuef
1
vulnerability VCID-5tkp-pxz9-h7c2
2
vulnerability VCID-692s-9j5p-gbf1
3
vulnerability VCID-7wcj-zvjq-xud3
4
vulnerability VCID-8par-whwz-6kft
5
vulnerability VCID-969r-9mvk-uyh4
6
vulnerability VCID-b3e6-k53t-bkgk
7
vulnerability VCID-gxkt-bvtg-gbaj
8
vulnerability VCID-kjka-a931-uygj
9
vulnerability VCID-v365-pn8r-e7dh
10
vulnerability VCID-zevs-1ge5-y7g7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/urllib3@1.24.2
aliases CVE-2019-11324, GHSA-mh33-7rrq-662w, PYSEC-2019-133
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6kxp-qa5x-q3bq
4
url VCID-7wcj-zvjq-xud3
vulnerability_id VCID-7wcj-zvjq-xud3
summary 
urllib3 redirects are not disabled when retries are disabled on PoolManager instantiation
urllib3 handles redirects and retries using the same mechanism, which is controlled by the `Retry` object. The most common way to disable redirects is at the request level, as follows:

```python
resp = urllib3.request("GET", "https://httpbin.org/redirect/1", redirect=False)
print(resp.status)
# 302
```

However, it is also possible to disable redirects, for all requests, by instantiating a `PoolManager` and specifying `retries` in a way that disable redirects:

```python
import urllib3

http = urllib3.PoolManager(retries=0)  # should raise MaxRetryError on redirect
http = urllib3.PoolManager(retries=urllib3.Retry(redirect=0))  # equivalent to the above
http = urllib3.PoolManager(retries=False)  # should return the first response

resp = http.request("GET", "https://httpbin.org/redirect/1")
```

However, the `retries` parameter is currently ignored, which means all the above examples don't disable redirects.

## Affected usages

Passing `retries` on `PoolManager` instantiation to disable redirects or restrict their number.

By default, requests and botocore users are not affected.

## Impact

Redirects are often used to exploit SSRF vulnerabilities. An application attempting to mitigate SSRF or open redirect vulnerabilities by disabling redirects at the PoolManager level will remain vulnerable.

## Remediation

You can remediate this vulnerability with the following steps:

 * Upgrade to a patched version of urllib3. If your organization would benefit from the continued support of urllib3 1.x, please contact [sethmichaellarson@gmail.com](mailto:sethmichaellarson@gmail.com) to discuss sponsorship or contribution opportunities.
 * Disable redirects at the `request()` level instead of the `PoolManager()` level.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-50181.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-50181.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-50181
reference_id
reference_type
scores
0
value 0.00026
scoring_system epss
scoring_elements 0.07158
published_at 2026-04-04T12:55:00Z
1
value 0.00026
scoring_system epss
scoring_elements 0.07109
published_at 2026-04-02T12:55:00Z
2
value 0.00028
scoring_system epss
scoring_elements 0.07921
published_at 2026-04-13T12:55:00Z
3
value 0.00028
scoring_system epss
scoring_elements 0.07951
published_at 2026-04-11T12:55:00Z
4
value 0.00028
scoring_system epss
scoring_elements 0.07963
published_at 2026-04-09T12:55:00Z
5
value 0.00028
scoring_system epss
scoring_elements 0.07942
published_at 2026-04-08T12:55:00Z
6
value 0.00028
scoring_system epss
scoring_elements 0.07885
published_at 2026-04-07T12:55:00Z
7
value 0.00028
scoring_system epss
scoring_elements 0.07934
published_at 2026-04-12T12:55:00Z
8
value 0.00079
scoring_system epss
scoring_elements 0.23398
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-50181
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50181
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50181
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/urllib3/urllib3
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/urllib3/urllib3
5
reference_url https://github.com/urllib3/urllib3/commit/f05b1329126d5be6de501f9d1e3e36738bc08857
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-23T16:45:50Z/
url https://github.com/urllib3/urllib3/commit/f05b1329126d5be6de501f9d1e3e36738bc08857
6
reference_url https://github.com/urllib3/urllib3/releases/tag/2.5.0
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-23T16:45:50Z/
url https://github.com/urllib3/urllib3/releases/tag/2.5.0
7
reference_url https://github.com/urllib3/urllib3/security/advisories/GHSA-pq67-6m6q-mj2v
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-23T16:45:50Z/
url https://github.com/urllib3/urllib3/security/advisories/GHSA-pq67-6m6q-mj2v
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-50181
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-50181
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108076
reference_id 1108076
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108076
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2373799
reference_id 2373799
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2373799
11
reference_url https://github.com/advisories/GHSA-pq67-6m6q-mj2v
reference_id GHSA-pq67-6m6q-mj2v
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-pq67-6m6q-mj2v
12
reference_url https://access.redhat.com/errata/RHSA-2026:4215
reference_id RHSA-2026:4215
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:4215
13
reference_url https://usn.ubuntu.com/7599-1/
reference_id USN-7599-1
reference_type
scores
url https://usn.ubuntu.com/7599-1/
14
reference_url https://usn.ubuntu.com/7599-2/
reference_id USN-7599-2
reference_type
scores
url https://usn.ubuntu.com/7599-2/
fixed_packages
0
url pkg:pypi/urllib3@2.5.0
purl pkg:pypi/urllib3@2.5.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kjka-a931-uygj
1
vulnerability VCID-v365-pn8r-e7dh
2
vulnerability VCID-zevs-1ge5-y7g7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/urllib3@2.5.0
aliases CVE-2025-50181, GHSA-pq67-6m6q-mj2v
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7wcj-zvjq-xud3
5
url VCID-8par-whwz-6kft
vulnerability_id VCID-8par-whwz-6kft
summary An issue was discovered in urllib3 before 1.26.5. When provided with a URL containing many @ characters in the authority component, the authority regular expression exhibits catastrophic backtracking, causing a denial of service if a URL were passed as a parameter or redirected to via an HTTP redirect.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-33503.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-33503.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-33503
reference_id
reference_type
scores
0
value 0.00863
scoring_system epss
scoring_elements 0.7511
published_at 2026-04-16T12:55:00Z
1
value 0.00863
scoring_system epss
scoring_elements 0.75072
published_at 2026-04-13T12:55:00Z
2
value 0.00863
scoring_system epss
scoring_elements 0.75028
published_at 2026-04-01T12:55:00Z
3
value 0.00863
scoring_system epss
scoring_elements 0.75083
published_at 2026-04-12T12:55:00Z
4
value 0.00863
scoring_system epss
scoring_elements 0.75105
published_at 2026-04-11T12:55:00Z
5
value 0.00863
scoring_system epss
scoring_elements 0.75082
published_at 2026-04-09T12:55:00Z
6
value 0.00863
scoring_system epss
scoring_elements 0.7507
published_at 2026-04-08T12:55:00Z
7
value 0.00863
scoring_system epss
scoring_elements 0.75036
published_at 2026-04-07T12:55:00Z
8
value 0.00863
scoring_system epss
scoring_elements 0.7506
published_at 2026-04-04T12:55:00Z
9
value 0.00863
scoring_system epss
scoring_elements 0.75031
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-33503
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33503
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33503
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/advisories/GHSA-q2q7-5pp4-w6pg
reference_id
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-q2q7-5pp4-w6pg
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/urllib3/PYSEC-2021-108.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/urllib3/PYSEC-2021-108.yaml
6
reference_url https://github.com/urllib3/urllib3
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/urllib3/urllib3
7
reference_url https://github.com/urllib3/urllib3/commit/2d4a3fee6de2fa45eb82169361918f759269b4ec
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/urllib3/urllib3/commit/2d4a3fee6de2fa45eb82169361918f759269b4ec
8
reference_url https://github.com/urllib3/urllib3/commit/5b047b645f5f93900d5e2fc31230848c25eb1f5f#diff-52026d639119bf1e0364836b4e8a18bd9ed3c95c6ba39b26534a5057a65e35bbR65
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/urllib3/urllib3/commit/5b047b645f5f93900d5e2fc31230848c25eb1f5f#diff-52026d639119bf1e0364836b4e8a18bd9ed3c95c6ba39b26534a5057a65e35bbR65
9
reference_url https://github.com/urllib3/urllib3/security/advisories/GHSA-q2q7-5pp4-w6pg
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/urllib3/urllib3/security/advisories/GHSA-q2q7-5pp4-w6pg
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6SCV7ZNAHS3E6PBFLJGENCDRDRWRZZ6W
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6SCV7ZNAHS3E6PBFLJGENCDRDRWRZZ6W
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FMUGWEAUYGGHTPPXT6YBD53WYXQGVV73
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FMUGWEAUYGGHTPPXT6YBD53WYXQGVV73
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-33503
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-33503
13
reference_url https://security.gentoo.org/glsa/202107-36
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202107-36
14
reference_url https://www.oracle.com/security-alerts/cpuoct2021.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2021.html
15
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1968074
reference_id 1968074
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1968074
16
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989848
reference_id 989848
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989848
17
reference_url https://security.archlinux.org/ASA-202106-25
reference_id ASA-202106-25
reference_type
scores
url https://security.archlinux.org/ASA-202106-25
18
reference_url https://security.archlinux.org/AVG-2038
reference_id AVG-2038
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2038
19
reference_url https://access.redhat.com/errata/RHSA-2021:3473
reference_id RHSA-2021:3473
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3473
20
reference_url https://access.redhat.com/errata/RHSA-2021:4160
reference_id RHSA-2021:4160
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4160
21
reference_url https://access.redhat.com/errata/RHSA-2021:4162
reference_id RHSA-2021:4162
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4162
22
reference_url https://access.redhat.com/errata/RHSA-2021:4702
reference_id RHSA-2021:4702
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4702
23
reference_url https://usn.ubuntu.com/5812-1/
reference_id USN-5812-1
reference_type
scores
url https://usn.ubuntu.com/5812-1/
fixed_packages
0
url pkg:pypi/urllib3@1.26.5
purl pkg:pypi/urllib3@1.26.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4evk-srqq-fuef
1
vulnerability VCID-5tkp-pxz9-h7c2
2
vulnerability VCID-7wcj-zvjq-xud3
3
vulnerability VCID-969r-9mvk-uyh4
4
vulnerability VCID-kjka-a931-uygj
5
vulnerability VCID-v365-pn8r-e7dh
6
vulnerability VCID-zevs-1ge5-y7g7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/urllib3@1.26.5
aliases CVE-2021-33503, GHSA-q2q7-5pp4-w6pg, PYSEC-2021-108
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8par-whwz-6kft
6
url VCID-969r-9mvk-uyh4
vulnerability_id VCID-969r-9mvk-uyh4
summary urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the `Cookie` HTTP header special or provide any helpers for managing cookies over HTTP, that is the responsibility of the user. However, it is possible for a user to specify a `Cookie` header and unknowingly leak information via HTTP redirects to a different origin if that user doesn't disable redirects explicitly. This issue has been patched in urllib3 version 1.26.17 or 2.0.5.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-43804.json
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-43804.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-43804
reference_id
reference_type
scores
0
value 0.00867
scoring_system epss
scoring_elements 0.75148
published_at 2026-04-13T12:55:00Z
1
value 0.00867
scoring_system epss
scoring_elements 0.75182
published_at 2026-04-11T12:55:00Z
2
value 0.00867
scoring_system epss
scoring_elements 0.7516
published_at 2026-04-12T12:55:00Z
3
value 0.00867
scoring_system epss
scoring_elements 0.75114
published_at 2026-04-07T12:55:00Z
4
value 0.00867
scoring_system epss
scoring_elements 0.75136
published_at 2026-04-04T12:55:00Z
5
value 0.00867
scoring_system epss
scoring_elements 0.75107
published_at 2026-04-02T12:55:00Z
6
value 0.0095
scoring_system epss
scoring_elements 0.76405
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-43804
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43804
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43804
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/urllib3/PYSEC-2023-192.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value 7.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/urllib3/PYSEC-2023-192.yaml
5
reference_url https://github.com/urllib3/urllib3
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value 7.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/urllib3/urllib3
6
reference_url https://github.com/urllib3/urllib3/commit/01220354d389cd05474713f8c982d05c9b17aafb
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
2
value 7.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/urllib3/urllib3/commit/01220354d389cd05474713f8c982d05c9b17aafb
7
reference_url https://github.com/urllib3/urllib3/commit/644124ecd0b6e417c527191f866daa05a5a2056d
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
2
value 7.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/urllib3/urllib3/commit/644124ecd0b6e417c527191f866daa05a5a2056d
8
reference_url https://github.com/urllib3/urllib3/security/advisories/GHSA-v845-jxx5-vc9f
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
2
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
3
value 7.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
4
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/urllib3/urllib3/security/advisories/GHSA-v845-jxx5-vc9f
9
reference_url https://lists.debian.org/debian-lts-announce/2023/10/msg00012.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
2
value 7.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2023/10/msg00012.html
10
reference_url https://lists.debian.org/debian-lts-announce/2024/12/msg00020.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value 7.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2024/12/msg00020.html
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5F5CUBAN5XMEBVBZPHFITBLMJV5FIJJ5
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value 7.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5F5CUBAN5XMEBVBZPHFITBLMJV5FIJJ5
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I3PR7C6RJ6JUBQKIJ644DMIJSUP36VDY
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value 7.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I3PR7C6RJ6JUBQKIJ644DMIJSUP36VDY
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NDAGZXYJ7H2G3SB47M453VQVNAWKAEJJ
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value 7.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NDAGZXYJ7H2G3SB47M453VQVNAWKAEJJ
14
reference_url https://security.netapp.com/advisory/ntap-20241213-0007
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value 7.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20241213-0007
15
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053626
reference_id 1053626
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053626
16
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2242493
reference_id 2242493
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2242493
17
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-43804
reference_id CVE-2023-43804
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value 7.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-43804
18
reference_url https://www.vicarius.io/vsociety/posts/cve-2023-43804-urllib3-vulnerability-3
reference_id CVE-2023-43804-URLLIB3-VULNERABILITY-3
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value 7.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.vicarius.io/vsociety/posts/cve-2023-43804-urllib3-vulnerability-3
19
reference_url https://github.com/advisories/GHSA-v845-jxx5-vc9f
reference_id GHSA-v845-jxx5-vc9f
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-v845-jxx5-vc9f
20
reference_url https://access.redhat.com/errata/RHSA-2023:6158
reference_id RHSA-2023:6158
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6158
21
reference_url https://access.redhat.com/errata/RHSA-2023:6812
reference_id RHSA-2023:6812
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6812
22
reference_url https://access.redhat.com/errata/RHSA-2023:7378
reference_id RHSA-2023:7378
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7378
23
reference_url https://access.redhat.com/errata/RHSA-2023:7385
reference_id RHSA-2023:7385
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7385
24
reference_url https://access.redhat.com/errata/RHSA-2023:7407
reference_id RHSA-2023:7407
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7407
25
reference_url https://access.redhat.com/errata/RHSA-2023:7435
reference_id RHSA-2023:7435
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7435
26
reference_url https://access.redhat.com/errata/RHSA-2023:7523
reference_id RHSA-2023:7523
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7523
27
reference_url https://access.redhat.com/errata/RHSA-2023:7528
reference_id RHSA-2023:7528
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7528
28
reference_url https://access.redhat.com/errata/RHSA-2023:7753
reference_id RHSA-2023:7753
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7753
29
reference_url https://access.redhat.com/errata/RHSA-2024:0116
reference_id RHSA-2024:0116
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0116
30
reference_url https://access.redhat.com/errata/RHSA-2024:0133
reference_id RHSA-2024:0133
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0133
31
reference_url https://access.redhat.com/errata/RHSA-2024:0187
reference_id RHSA-2024:0187
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0187
32
reference_url https://access.redhat.com/errata/RHSA-2024:0300
reference_id RHSA-2024:0300
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0300
33
reference_url https://access.redhat.com/errata/RHSA-2024:0464
reference_id RHSA-2024:0464
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0464
34
reference_url https://access.redhat.com/errata/RHSA-2024:0588
reference_id RHSA-2024:0588
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0588
35
reference_url https://access.redhat.com/errata/RHSA-2024:1383
reference_id RHSA-2024:1383
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1383
36
reference_url https://access.redhat.com/errata/RHSA-2024:2159
reference_id RHSA-2024:2159
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2159
37
reference_url https://access.redhat.com/errata/RHSA-2024:2985
reference_id RHSA-2024:2985
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2985
38
reference_url https://access.redhat.com/errata/RHSA-2024:2986
reference_id RHSA-2024:2986
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2986
39
reference_url https://access.redhat.com/errata/RHSA-2024:2987
reference_id RHSA-2024:2987
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2987
40
reference_url https://usn.ubuntu.com/6473-1/
reference_id USN-6473-1
reference_type
scores
url https://usn.ubuntu.com/6473-1/
41
reference_url https://usn.ubuntu.com/6473-2/
reference_id USN-6473-2
reference_type
scores
url https://usn.ubuntu.com/6473-2/
fixed_packages
0
url pkg:pypi/urllib3@1.26.17
purl pkg:pypi/urllib3@1.26.17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4evk-srqq-fuef
1
vulnerability VCID-5tkp-pxz9-h7c2
2
vulnerability VCID-7wcj-zvjq-xud3
3
vulnerability VCID-kjka-a931-uygj
4
vulnerability VCID-v365-pn8r-e7dh
5
vulnerability VCID-zevs-1ge5-y7g7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/urllib3@1.26.17
1
url pkg:pypi/urllib3@2.0.0a1
purl pkg:pypi/urllib3@2.0.0a1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7wcj-zvjq-xud3
1
vulnerability VCID-kjka-a931-uygj
2
vulnerability VCID-v365-pn8r-e7dh
3
vulnerability VCID-zevs-1ge5-y7g7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/urllib3@2.0.0a1
2
url pkg:pypi/urllib3@2.0.6
purl pkg:pypi/urllib3@2.0.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4evk-srqq-fuef
1
vulnerability VCID-5tkp-pxz9-h7c2
2
vulnerability VCID-7wcj-zvjq-xud3
3
vulnerability VCID-kjka-a931-uygj
4
vulnerability VCID-v365-pn8r-e7dh
5
vulnerability VCID-zevs-1ge5-y7g7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/urllib3@2.0.6
aliases CVE-2023-43804, GHSA-v845-jxx5-vc9f, PYSEC-2023-192
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-969r-9mvk-uyh4
7
url VCID-b3e6-k53t-bkgk
vulnerability_id VCID-b3e6-k53t-bkgk
summary In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00039.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00039.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00041.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00041.html
2
reference_url https://access.redhat.com/errata/RHSA-2019:2272
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:2272
3
reference_url https://access.redhat.com/errata/RHSA-2019:3335
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:3335
4
reference_url https://access.redhat.com/errata/RHSA-2019:3590
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:3590
5
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11236.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11236.json
6
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-11236
reference_id
reference_type
scores
0
value 0.00624
scoring_system epss
scoring_elements 0.70106
published_at 2026-04-02T12:55:00Z
1
value 0.00624
scoring_system epss
scoring_elements 0.70121
published_at 2026-04-04T12:55:00Z
2
value 0.00624
scoring_system epss
scoring_elements 0.70098
published_at 2026-04-07T12:55:00Z
3
value 0.00624
scoring_system epss
scoring_elements 0.70145
published_at 2026-04-08T12:55:00Z
4
value 0.00624
scoring_system epss
scoring_elements 0.70161
published_at 2026-04-09T12:55:00Z
5
value 0.00624
scoring_system epss
scoring_elements 0.70185
published_at 2026-04-11T12:55:00Z
6
value 0.00624
scoring_system epss
scoring_elements 0.7017
published_at 2026-04-12T12:55:00Z
7
value 0.00624
scoring_system epss
scoring_elements 0.70158
published_at 2026-04-13T12:55:00Z
8
value 0.00624
scoring_system epss
scoring_elements 0.702
published_at 2026-04-16T12:55:00Z
9
value 0.00624
scoring_system epss
scoring_elements 0.70094
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-11236
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11236
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11236
8
reference_url https://github.com/advisories/GHSA-r64q-w8jr-g9qp
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-r64q-w8jr-g9qp
9
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/urllib3/PYSEC-2019-132.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/urllib3/PYSEC-2019-132.yaml
10
reference_url https://github.com/urllib3/urllib3
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/urllib3/urllib3
11
reference_url https://github.com/urllib3/urllib3/issues/1553
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/urllib3/urllib3/issues/1553
12
reference_url https://lists.debian.org/debian-lts-announce/2019/06/msg00016.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2019/06/msg00016.html
13
reference_url https://lists.debian.org/debian-lts-announce/2021/06/msg00015.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2021/06/msg00015.html
14
reference_url https://lists.debian.org/debian-lts-announce/2023/10/msg00012.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2023/10/msg00012.html
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NKGPJLVLVYCL4L4B4G5TIOTVK4BKPG72/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NKGPJLVLVYCL4L4B4G5TIOTVK4BKPG72/
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R62XGEYPUTXMRHGX5I37EBCGQ5COHGKR/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R62XGEYPUTXMRHGX5I37EBCGQ5COHGKR/
17
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TBI45HO533KYHNB5YRO43TBYKA3E3VRL/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TBI45HO533KYHNB5YRO43TBYKA3E3VRL/
18
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XOSA2NT4DUQDBEIWE6O7KKD24XND7TE2/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XOSA2NT4DUQDBEIWE6O7KKD24XND7TE2/
19
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NKGPJLVLVYCL4L4B4G5TIOTVK4BKPG72
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NKGPJLVLVYCL4L4B4G5TIOTVK4BKPG72
20
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NKGPJLVLVYCL4L4B4G5TIOTVK4BKPG72/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NKGPJLVLVYCL4L4B4G5TIOTVK4BKPG72/
21
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R62XGEYPUTXMRHGX5I37EBCGQ5COHGKR
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R62XGEYPUTXMRHGX5I37EBCGQ5COHGKR
22
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R62XGEYPUTXMRHGX5I37EBCGQ5COHGKR/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R62XGEYPUTXMRHGX5I37EBCGQ5COHGKR/
23
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TBI45HO533KYHNB5YRO43TBYKA3E3VRL
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TBI45HO533KYHNB5YRO43TBYKA3E3VRL
24
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TBI45HO533KYHNB5YRO43TBYKA3E3VRL/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TBI45HO533KYHNB5YRO43TBYKA3E3VRL/
25
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XOSA2NT4DUQDBEIWE6O7KKD24XND7TE2
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XOSA2NT4DUQDBEIWE6O7KKD24XND7TE2
26
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XOSA2NT4DUQDBEIWE6O7KKD24XND7TE2/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XOSA2NT4DUQDBEIWE6O7KKD24XND7TE2/
27
reference_url https://usn.ubuntu.com/3990-1
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/3990-1
28
reference_url https://usn.ubuntu.com/3990-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/3990-1/
29
reference_url https://usn.ubuntu.com/3990-2
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/3990-2
30
reference_url https://usn.ubuntu.com/3990-2/
reference_id
reference_type
scores
url https://usn.ubuntu.com/3990-2/
31
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1700824
reference_id 1700824
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1700824
32
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927172
reference_id 927172
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927172
33
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:urllib3:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:python:urllib3:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:urllib3:*:*:*:*:*:*:*:*
34
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-11236
reference_id CVE-2019-11236
reference_type
scores
0
value 4.3
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:N/I:P/A:N
1
value 6.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
2
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
3
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
4
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-11236
35
reference_url https://access.redhat.com/errata/RHSA-2020:0850
reference_id RHSA-2020:0850
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:0850
36
reference_url https://access.redhat.com/errata/RHSA-2020:0851
reference_id RHSA-2020:0851
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:0851
37
reference_url https://access.redhat.com/errata/RHSA-2020:1605
reference_id RHSA-2020:1605
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:1605
38
reference_url https://access.redhat.com/errata/RHSA-2020:1916
reference_id RHSA-2020:1916
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:1916
39
reference_url https://access.redhat.com/errata/RHSA-2020:2068
reference_id RHSA-2020:2068
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2068
40
reference_url https://access.redhat.com/errata/RHSA-2020:2081
reference_id RHSA-2020:2081
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2081
fixed_packages
0
url pkg:pypi/urllib3@1.24.3
purl pkg:pypi/urllib3@1.24.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4evk-srqq-fuef
1
vulnerability VCID-5tkp-pxz9-h7c2
2
vulnerability VCID-7wcj-zvjq-xud3
3
vulnerability VCID-8par-whwz-6kft
4
vulnerability VCID-969r-9mvk-uyh4
5
vulnerability VCID-gxkt-bvtg-gbaj
6
vulnerability VCID-kjka-a931-uygj
7
vulnerability VCID-v365-pn8r-e7dh
8
vulnerability VCID-zevs-1ge5-y7g7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/urllib3@1.24.3
aliases CVE-2019-11236, GHSA-r64q-w8jr-g9qp, PYSEC-2019-132
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b3e6-k53t-bkgk
8
url VCID-gxkt-bvtg-gbaj
vulnerability_id VCID-gxkt-bvtg-gbaj
summary urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). NOTE: this is similar to CVE-2020-26116.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-26137.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-26137.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-26137
reference_id
reference_type
scores
0
value 0.00277
scoring_system epss
scoring_elements 0.51195
published_at 2026-04-16T12:55:00Z
1
value 0.00277
scoring_system epss
scoring_elements 0.51156
published_at 2026-04-13T12:55:00Z
2
value 0.00277
scoring_system epss
scoring_elements 0.51061
published_at 2026-04-01T12:55:00Z
3
value 0.00277
scoring_system epss
scoring_elements 0.51171
published_at 2026-04-12T12:55:00Z
4
value 0.00277
scoring_system epss
scoring_elements 0.51193
published_at 2026-04-11T12:55:00Z
5
value 0.00277
scoring_system epss
scoring_elements 0.51149
published_at 2026-04-09T12:55:00Z
6
value 0.00277
scoring_system epss
scoring_elements 0.51152
published_at 2026-04-08T12:55:00Z
7
value 0.00277
scoring_system epss
scoring_elements 0.51097
published_at 2026-04-07T12:55:00Z
8
value 0.00277
scoring_system epss
scoring_elements 0.51139
published_at 2026-04-04T12:55:00Z
9
value 0.00277
scoring_system epss
scoring_elements 0.51115
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-26137
2
reference_url https://bugs.python.org/issue39603
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugs.python.org/issue39603
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26137
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26137
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/advisories/GHSA-wqvq-5m8c-6g24
reference_id
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wqvq-5m8c-6g24
6
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/urllib3/PYSEC-2020-148.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/urllib3/PYSEC-2020-148.yaml
7
reference_url https://github.com/urllib3/urllib3
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/urllib3/urllib3
8
reference_url https://github.com/urllib3/urllib3/commit/1dd69c5c5982fae7c87a620d487c2ebf7a6b436b
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/urllib3/urllib3/commit/1dd69c5c5982fae7c87a620d487c2ebf7a6b436b
9
reference_url https://github.com/urllib3/urllib3/pull/1800
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/urllib3/urllib3/pull/1800
10
reference_url https://lists.debian.org/debian-lts-announce/2021/06/msg00015.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2021/06/msg00015.html
11
reference_url https://lists.debian.org/debian-lts-announce/2023/10/msg00012.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2023/10/msg00012.html
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-26137
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-26137
13
reference_url https://usn.ubuntu.com/4570-1
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/4570-1
14
reference_url https://usn.ubuntu.com/4570-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4570-1/
15
reference_url https://www.oracle.com/security-alerts/cpujul2022.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujul2022.html
16
reference_url https://www.oracle.com/security-alerts/cpuoct2021.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2021.html
17
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1883632
reference_id 1883632
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1883632
18
reference_url https://access.redhat.com/errata/RHSA-2020:4299
reference_id RHSA-2020:4299
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4299
19
reference_url https://access.redhat.com/errata/RHSA-2021:0034
reference_id RHSA-2021:0034
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0034
20
reference_url https://access.redhat.com/errata/RHSA-2021:0079
reference_id RHSA-2021:0079
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0079
21
reference_url https://access.redhat.com/errata/RHSA-2021:1631
reference_id RHSA-2021:1631
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:1631
22
reference_url https://access.redhat.com/errata/RHSA-2021:1761
reference_id RHSA-2021:1761
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:1761
23
reference_url https://access.redhat.com/errata/RHSA-2022:5235
reference_id RHSA-2022:5235
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5235
fixed_packages
0
url pkg:pypi/urllib3@1.25.9
purl pkg:pypi/urllib3@1.25.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4evk-srqq-fuef
1
vulnerability VCID-5tkp-pxz9-h7c2
2
vulnerability VCID-7wcj-zvjq-xud3
3
vulnerability VCID-8par-whwz-6kft
4
vulnerability VCID-969r-9mvk-uyh4
5
vulnerability VCID-kjka-a931-uygj
6
vulnerability VCID-v365-pn8r-e7dh
7
vulnerability VCID-zevs-1ge5-y7g7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/urllib3@1.25.9
aliases CVE-2020-26137, GHSA-wqvq-5m8c-6g24, PYSEC-2020-148
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gxkt-bvtg-gbaj
9
url VCID-squd-j9t3-9khh
vulnerability_id VCID-squd-j9t3-9khh
summary urllib3 before 1.24.2 does not remove the authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the authorization header to be exposed to unintended hosts or transmitted in cleartext. NOTE: this issue exists because of an incomplete fix for CVE-2018-20060 (which was case-sensitive).
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-25091.json
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-25091.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-25091
reference_id
reference_type
scores
0
value 0.0025
scoring_system epss
scoring_elements 0.48444
published_at 2026-04-16T12:55:00Z
1
value 0.0025
scoring_system epss
scoring_elements 0.4836
published_at 2026-04-02T12:55:00Z
2
value 0.0025
scoring_system epss
scoring_elements 0.48393
published_at 2026-04-13T12:55:00Z
3
value 0.0025
scoring_system epss
scoring_elements 0.48381
published_at 2026-04-12T12:55:00Z
4
value 0.0025
scoring_system epss
scoring_elements 0.48383
published_at 2026-04-09T12:55:00Z
5
value 0.0025
scoring_system epss
scoring_elements 0.48389
published_at 2026-04-08T12:55:00Z
6
value 0.0025
scoring_system epss
scoring_elements 0.48334
published_at 2026-04-07T12:55:00Z
7
value 0.0025
scoring_system epss
scoring_elements 0.48325
published_at 2026-04-01T12:55:00Z
8
value 0.0025
scoring_system epss
scoring_elements 0.48408
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-25091
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25091
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25091
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/urllib3/PYSEC-2023-207.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/urllib3/PYSEC-2023-207.yaml
5
reference_url https://github.com/urllib3/urllib3
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/urllib3/urllib3
6
reference_url https://github.com/urllib3/urllib3/commit/adb358f8e06865406d1f05e581a16cbea2136fbc
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-16T19:01:32Z/
url https://github.com/urllib3/urllib3/commit/adb358f8e06865406d1f05e581a16cbea2136fbc
7
reference_url https://github.com/urllib3/urllib3/compare/1.24.1...1.24.2
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-16T19:01:32Z/
url https://github.com/urllib3/urllib3/compare/1.24.1...1.24.2
8
reference_url https://github.com/urllib3/urllib3/issues/1510
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-16T19:01:32Z/
url https://github.com/urllib3/urllib3/issues/1510
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2244340
reference_id 2244340
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2244340
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-25091
reference_id CVE-2018-25091
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-25091
11
reference_url https://github.com/advisories/GHSA-gwvm-45gx-3cf8
reference_id GHSA-gwvm-45gx-3cf8
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-gwvm-45gx-3cf8
12
reference_url https://access.redhat.com/errata/RHSA-2024:2988
reference_id RHSA-2024:2988
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2988
13
reference_url https://usn.ubuntu.com/6473-1/
reference_id USN-6473-1
reference_type
scores
url https://usn.ubuntu.com/6473-1/
14
reference_url https://usn.ubuntu.com/6473-2/
reference_id USN-6473-2
reference_type
scores
url https://usn.ubuntu.com/6473-2/
fixed_packages
0
url pkg:pypi/urllib3@1.24.2
purl pkg:pypi/urllib3@1.24.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4evk-srqq-fuef
1
vulnerability VCID-5tkp-pxz9-h7c2
2
vulnerability VCID-692s-9j5p-gbf1
3
vulnerability VCID-7wcj-zvjq-xud3
4
vulnerability VCID-8par-whwz-6kft
5
vulnerability VCID-969r-9mvk-uyh4
6
vulnerability VCID-b3e6-k53t-bkgk
7
vulnerability VCID-gxkt-bvtg-gbaj
8
vulnerability VCID-kjka-a931-uygj
9
vulnerability VCID-v365-pn8r-e7dh
10
vulnerability VCID-zevs-1ge5-y7g7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/urllib3@1.24.2
aliases CVE-2018-25091, GHSA-gwvm-45gx-3cf8, PYSEC-2023-207
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-squd-j9t3-9khh
10
url VCID-swgb-7b34-h3a9
vulnerability_id VCID-swgb-7b34-h3a9
summary urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the Authorization header to be exposed to unintended hosts or transmitted in cleartext.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00039.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00039.html
1
reference_url https://access.redhat.com/errata/RHSA-2019:2272
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:2272
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20060.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20060.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-20060
reference_id
reference_type
scores
0
value 0.00434
scoring_system epss
scoring_elements 0.62859
published_at 2026-04-16T12:55:00Z
1
value 0.00434
scoring_system epss
scoring_elements 0.62854
published_at 2026-04-11T12:55:00Z
2
value 0.00434
scoring_system epss
scoring_elements 0.62836
published_at 2026-04-09T12:55:00Z
3
value 0.00434
scoring_system epss
scoring_elements 0.62819
published_at 2026-04-13T12:55:00Z
4
value 0.00434
scoring_system epss
scoring_elements 0.62768
published_at 2026-04-07T12:55:00Z
5
value 0.00434
scoring_system epss
scoring_elements 0.62804
published_at 2026-04-04T12:55:00Z
6
value 0.00434
scoring_system epss
scoring_elements 0.62774
published_at 2026-04-02T12:55:00Z
7
value 0.00434
scoring_system epss
scoring_elements 0.62717
published_at 2026-04-01T12:55:00Z
8
value 0.00434
scoring_system epss
scoring_elements 0.62842
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-20060
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1649153
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1649153
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20060
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20060
6
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 2.6
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
7
reference_url https://github.com/advisories/GHSA-www2-v7xj-xrc6
reference_id
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-www2-v7xj-xrc6
8
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/urllib3/PYSEC-2018-32.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/urllib3/PYSEC-2018-32.yaml
9
reference_url https://github.com/urllib3/urllib3
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/urllib3/urllib3
10
reference_url https://github.com/urllib3/urllib3/blob/master/CHANGES.rst
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/urllib3/urllib3/blob/master/CHANGES.rst
11
reference_url https://github.com/urllib3/urllib3/commit/560bd227b90f74417ffaedebf5f8d05a8ee4f532
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/urllib3/urllib3/commit/560bd227b90f74417ffaedebf5f8d05a8ee4f532
12
reference_url https://github.com/urllib3/urllib3/issues/1316
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/urllib3/urllib3/issues/1316
13
reference_url https://github.com/urllib3/urllib3/pull/1346
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/urllib3/urllib3/pull/1346
14
reference_url https://lists.debian.org/debian-lts-announce/2021/06/msg00015.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2021/06/msg00015.html
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5SJERZEJDSUYQP7BNBXMBHRHGY26HRZD
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5SJERZEJDSUYQP7BNBXMBHRHGY26HRZD
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BXLAXHM3Z6DUCXZ7ZXZ2EAYJXWDCZFCT
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BXLAXHM3Z6DUCXZ7ZXZ2EAYJXWDCZFCT
17
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWP36YW3KSVLXDBY3QJKDYEPCIMN3VQZ
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWP36YW3KSVLXDBY3QJKDYEPCIMN3VQZ
18
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5SJERZEJDSUYQP7BNBXMBHRHGY26HRZD
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5SJERZEJDSUYQP7BNBXMBHRHGY26HRZD
19
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5SJERZEJDSUYQP7BNBXMBHRHGY26HRZD/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5SJERZEJDSUYQP7BNBXMBHRHGY26HRZD/
20
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BXLAXHM3Z6DUCXZ7ZXZ2EAYJXWDCZFCT
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BXLAXHM3Z6DUCXZ7ZXZ2EAYJXWDCZFCT
21
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BXLAXHM3Z6DUCXZ7ZXZ2EAYJXWDCZFCT/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BXLAXHM3Z6DUCXZ7ZXZ2EAYJXWDCZFCT/
22
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWP36YW3KSVLXDBY3QJKDYEPCIMN3VQZ
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWP36YW3KSVLXDBY3QJKDYEPCIMN3VQZ
23
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWP36YW3KSVLXDBY3QJKDYEPCIMN3VQZ/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWP36YW3KSVLXDBY3QJKDYEPCIMN3VQZ/
24
reference_url https://security.netapp.com/advisory/ntap-20241227-0010
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20241227-0010
25
reference_url https://usn.ubuntu.com/3990-1
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/3990-1
26
reference_url https://usn.ubuntu.com/3990-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/3990-1/
27
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-20060
reference_id CVE-2018-20060
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-20060
28
reference_url https://access.redhat.com/errata/RHSA-2020:0850
reference_id RHSA-2020:0850
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:0850
29
reference_url https://access.redhat.com/errata/RHSA-2020:0851
reference_id RHSA-2020:0851
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:0851
30
reference_url https://access.redhat.com/errata/RHSA-2020:1605
reference_id RHSA-2020:1605
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:1605
31
reference_url https://access.redhat.com/errata/RHSA-2020:1916
reference_id RHSA-2020:1916
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:1916
32
reference_url https://access.redhat.com/errata/RHSA-2020:2068
reference_id RHSA-2020:2068
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2068
33
reference_url https://access.redhat.com/errata/RHSA-2020:2081
reference_id RHSA-2020:2081
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2081
fixed_packages
0
url pkg:pypi/urllib3@1.23
purl pkg:pypi/urllib3@1.23
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4evk-srqq-fuef
1
vulnerability VCID-5tkp-pxz9-h7c2
2
vulnerability VCID-692s-9j5p-gbf1
3
vulnerability VCID-6kxp-qa5x-q3bq
4
vulnerability VCID-7wcj-zvjq-xud3
5
vulnerability VCID-8par-whwz-6kft
6
vulnerability VCID-969r-9mvk-uyh4
7
vulnerability VCID-b3e6-k53t-bkgk
8
vulnerability VCID-gxkt-bvtg-gbaj
9
vulnerability VCID-kjka-a931-uygj
10
vulnerability VCID-squd-j9t3-9khh
11
vulnerability VCID-x61z-9ntw-x3dh
12
vulnerability VCID-zevs-1ge5-y7g7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/urllib3@1.23
aliases CVE-2018-20060, GHSA-www2-v7xj-xrc6, PYSEC-2018-32
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-swgb-7b34-h3a9
11
url VCID-x61z-9ntw-x3dh
vulnerability_id VCID-x61z-9ntw-x3dh
summary The urllib3 library before 1.24.2 for Python mishandles certain cases where the desired set of CA certificates is different from the OS store of CA certificates, which results in SSL connections succeeding in situations where a verification failure is the correct outcome. This is related to use of the ssl_context, ca_certs, or ca_certs_dir argument.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00039.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00039.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00041.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00041.html
2
reference_url https://access.redhat.com/errata/RHSA-2019:3335
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:3335
3
reference_url https://access.redhat.com/errata/RHSA-2019:3590
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:3590
4
reference_url https://github.com/urllib3/urllib3/compare/a6ec68a...1efadf4
reference_id
reference_type
scores
url https://github.com/urllib3/urllib3/compare/a6ec68a...1efadf4
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NKGPJLVLVYCL4L4B4G5TIOTVK4BKPG72/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NKGPJLVLVYCL4L4B4G5TIOTVK4BKPG72/
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XOSA2NT4DUQDBEIWE6O7KKD24XND7TE2/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XOSA2NT4DUQDBEIWE6O7KKD24XND7TE2/
7
reference_url https://usn.ubuntu.com/3990-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/3990-1/
8
reference_url http://www.openwall.com/lists/oss-security/2019/04/19/1
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2019/04/19/1
fixed_packages
0
url pkg:pypi/urllib3@1.24.2
purl pkg:pypi/urllib3@1.24.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4evk-srqq-fuef
1
vulnerability VCID-5tkp-pxz9-h7c2
2
vulnerability VCID-692s-9j5p-gbf1
3
vulnerability VCID-7wcj-zvjq-xud3
4
vulnerability VCID-8par-whwz-6kft
5
vulnerability VCID-969r-9mvk-uyh4
6
vulnerability VCID-b3e6-k53t-bkgk
7
vulnerability VCID-gxkt-bvtg-gbaj
8
vulnerability VCID-kjka-a931-uygj
9
vulnerability VCID-v365-pn8r-e7dh
10
vulnerability VCID-zevs-1ge5-y7g7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/urllib3@1.24.2
aliases PYSEC-2019-63
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x61z-9ntw-x3dh
12
url VCID-zevs-1ge5-y7g7
vulnerability_id VCID-zevs-1ge5-y7g7
summary 
urllib3 streaming API improperly handles highly compressed data
urllib3's [streaming API](https://urllib3.readthedocs.io/en/2.5.0/advanced-usage.html#streaming-and-i-o) is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once.

When streaming a compressed response, urllib3 can perform decoding or decompression based on the HTTP `Content-Encoding` header (e.g., `gzip`, `deflate`, `br`, or `zstd`). The library must read compressed data from the network and decompress it until the requested chunk size is met. Any resulting decompressed data that exceeds the requested amount is held in an internal buffer for the next read operation.

The decompression logic could cause urllib3 to fully decode a small amount of highly compressed data in a single operation. This can result in excessive resource consumption (high CPU usage and massive memory allocation for the decompressed data; CWE-409) on the client side, even if the application only requested a small chunk of data.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-66471.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-66471.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-66471
reference_id
reference_type
scores
0
value 0.00027
scoring_system epss
scoring_elements 0.0744
published_at 2026-04-02T12:55:00Z
1
value 0.00027
scoring_system epss
scoring_elements 0.07482
published_at 2026-04-04T12:55:00Z
2
value 0.00031
scoring_system epss
scoring_elements 0.08998
published_at 2026-04-12T12:55:00Z
3
value 0.00031
scoring_system epss
scoring_elements 0.09034
published_at 2026-04-11T12:55:00Z
4
value 0.00031
scoring_system epss
scoring_elements 0.09002
published_at 2026-04-08T12:55:00Z
5
value 0.00031
scoring_system epss
scoring_elements 0.08924
published_at 2026-04-07T12:55:00Z
6
value 0.00031
scoring_system epss
scoring_elements 0.08877
published_at 2026-04-16T12:55:00Z
7
value 0.00031
scoring_system epss
scoring_elements 0.08985
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-66471
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66471
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66471
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/urllib3/urllib3
reference_id
reference_type
scores
0
value 8.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/urllib3/urllib3
5
reference_url https://github.com/urllib3/urllib3/commit/c19571de34c47de3a766541b041637ba5f716ed7
reference_id
reference_type
scores
0
value 8.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-05T19:32:57Z/
url https://github.com/urllib3/urllib3/commit/c19571de34c47de3a766541b041637ba5f716ed7
6
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1122029
reference_id 1122029
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1122029
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2419467
reference_id 2419467
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2419467
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-66471
reference_id CVE-2025-66471
reference_type
scores
0
value 8.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-66471
9
reference_url https://github.com/advisories/GHSA-2xpw-w6gg-jr37
reference_id GHSA-2xpw-w6gg-jr37
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2xpw-w6gg-jr37
10
reference_url https://github.com/urllib3/urllib3/security/advisories/GHSA-2xpw-w6gg-jr37
reference_id GHSA-2xpw-w6gg-jr37
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
1
value 8.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-05T19:32:57Z/
url https://github.com/urllib3/urllib3/security/advisories/GHSA-2xpw-w6gg-jr37
11
reference_url https://access.redhat.com/errata/RHSA-2026:0981
reference_id RHSA-2026:0981
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:0981
12
reference_url https://access.redhat.com/errata/RHSA-2026:0990
reference_id RHSA-2026:0990
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:0990
13
reference_url https://access.redhat.com/errata/RHSA-2026:1038
reference_id RHSA-2026:1038
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:1038
14
reference_url https://access.redhat.com/errata/RHSA-2026:1041
reference_id RHSA-2026:1041
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:1041
15
reference_url https://access.redhat.com/errata/RHSA-2026:1042
reference_id RHSA-2026:1042
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:1042
16
reference_url https://access.redhat.com/errata/RHSA-2026:1086
reference_id RHSA-2026:1086
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:1086
17
reference_url https://access.redhat.com/errata/RHSA-2026:1087
reference_id RHSA-2026:1087
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:1087
18
reference_url https://access.redhat.com/errata/RHSA-2026:1088
reference_id RHSA-2026:1088
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:1088
19
reference_url https://access.redhat.com/errata/RHSA-2026:1089
reference_id RHSA-2026:1089
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:1089
20
reference_url https://access.redhat.com/errata/RHSA-2026:1166
reference_id RHSA-2026:1166
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:1166
21
reference_url https://access.redhat.com/errata/RHSA-2026:1168
reference_id RHSA-2026:1168
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:1168
22
reference_url https://access.redhat.com/errata/RHSA-2026:1176
reference_id RHSA-2026:1176
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:1176
23
reference_url https://access.redhat.com/errata/RHSA-2026:1224
reference_id RHSA-2026:1224
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:1224
24
reference_url https://access.redhat.com/errata/RHSA-2026:1226
reference_id RHSA-2026:1226
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:1226
25
reference_url https://access.redhat.com/errata/RHSA-2026:1239
reference_id RHSA-2026:1239
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:1239
26
reference_url https://access.redhat.com/errata/RHSA-2026:1240
reference_id RHSA-2026:1240
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:1240
27
reference_url https://access.redhat.com/errata/RHSA-2026:1241
reference_id RHSA-2026:1241
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:1241
28
reference_url https://access.redhat.com/errata/RHSA-2026:1249
reference_id RHSA-2026:1249
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:1249
29
reference_url https://access.redhat.com/errata/RHSA-2026:1254
reference_id RHSA-2026:1254
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:1254
30
reference_url https://access.redhat.com/errata/RHSA-2026:1485
reference_id RHSA-2026:1485
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:1485
31
reference_url https://access.redhat.com/errata/RHSA-2026:1497
reference_id RHSA-2026:1497
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:1497
32
reference_url https://access.redhat.com/errata/RHSA-2026:1504
reference_id RHSA-2026:1504
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:1504
33
reference_url https://access.redhat.com/errata/RHSA-2026:1506
reference_id RHSA-2026:1506
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:1506
34
reference_url https://access.redhat.com/errata/RHSA-2026:1546
reference_id RHSA-2026:1546
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:1546
35
reference_url https://access.redhat.com/errata/RHSA-2026:1596
reference_id RHSA-2026:1596
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:1596
36
reference_url https://access.redhat.com/errata/RHSA-2026:1599
reference_id RHSA-2026:1599
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:1599
37
reference_url https://access.redhat.com/errata/RHSA-2026:1600
reference_id RHSA-2026:1600
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:1600
38
reference_url https://access.redhat.com/errata/RHSA-2026:1609
reference_id RHSA-2026:1609
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:1609
39
reference_url https://access.redhat.com/errata/RHSA-2026:1618
reference_id RHSA-2026:1618
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:1618
40
reference_url https://access.redhat.com/errata/RHSA-2026:1619
reference_id RHSA-2026:1619
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:1619
41
reference_url https://access.redhat.com/errata/RHSA-2026:1652
reference_id RHSA-2026:1652
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:1652
42
reference_url https://access.redhat.com/errata/RHSA-2026:1674
reference_id RHSA-2026:1674
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:1674
43
reference_url https://access.redhat.com/errata/RHSA-2026:1676
reference_id RHSA-2026:1676
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:1676
44
reference_url https://access.redhat.com/errata/RHSA-2026:1693
reference_id RHSA-2026:1693
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:1693
45
reference_url https://access.redhat.com/errata/RHSA-2026:1704
reference_id RHSA-2026:1704
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:1704
46
reference_url https://access.redhat.com/errata/RHSA-2026:1706
reference_id RHSA-2026:1706
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:1706
47
reference_url https://access.redhat.com/errata/RHSA-2026:1712
reference_id RHSA-2026:1712
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:1712
48
reference_url https://access.redhat.com/errata/RHSA-2026:1717
reference_id RHSA-2026:1717
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:1717
49
reference_url https://access.redhat.com/errata/RHSA-2026:1726
reference_id RHSA-2026:1726
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:1726
50
reference_url https://access.redhat.com/errata/RHSA-2026:1729
reference_id RHSA-2026:1729
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:1729
51
reference_url https://access.redhat.com/errata/RHSA-2026:1730
reference_id RHSA-2026:1730
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:1730
52
reference_url https://access.redhat.com/errata/RHSA-2026:1734
reference_id RHSA-2026:1734
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:1734
53
reference_url https://access.redhat.com/errata/RHSA-2026:1735
reference_id RHSA-2026:1735
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:1735
54
reference_url https://access.redhat.com/errata/RHSA-2026:1736
reference_id RHSA-2026:1736
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:1736
55
reference_url https://access.redhat.com/errata/RHSA-2026:1791
reference_id RHSA-2026:1791
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:1791
56
reference_url https://access.redhat.com/errata/RHSA-2026:1792
reference_id RHSA-2026:1792
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:1792
57
reference_url https://access.redhat.com/errata/RHSA-2026:1793
reference_id RHSA-2026:1793
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:1793
58
reference_url https://access.redhat.com/errata/RHSA-2026:1794
reference_id RHSA-2026:1794
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:1794
59
reference_url https://access.redhat.com/errata/RHSA-2026:1795
reference_id RHSA-2026:1795
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:1795
60
reference_url https://access.redhat.com/errata/RHSA-2026:1803
reference_id RHSA-2026:1803
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:1803
61
reference_url https://access.redhat.com/errata/RHSA-2026:1805
reference_id RHSA-2026:1805
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:1805
62
reference_url https://access.redhat.com/errata/RHSA-2026:1942
reference_id RHSA-2026:1942
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:1942
63
reference_url https://access.redhat.com/errata/RHSA-2026:1957
reference_id RHSA-2026:1957
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:1957
64
reference_url https://access.redhat.com/errata/RHSA-2026:2060
reference_id RHSA-2026:2060
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2060
65
reference_url https://access.redhat.com/errata/RHSA-2026:2106
reference_id RHSA-2026:2106
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2106
66
reference_url https://access.redhat.com/errata/RHSA-2026:2126
reference_id RHSA-2026:2126
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2126
67
reference_url https://access.redhat.com/errata/RHSA-2026:2137
reference_id RHSA-2026:2137
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2137
68
reference_url https://access.redhat.com/errata/RHSA-2026:2139
reference_id RHSA-2026:2139
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2139
69
reference_url https://access.redhat.com/errata/RHSA-2026:2144
reference_id RHSA-2026:2144
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2144
70
reference_url https://access.redhat.com/errata/RHSA-2026:2256
reference_id RHSA-2026:2256
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2256
71
reference_url https://access.redhat.com/errata/RHSA-2026:2456
reference_id RHSA-2026:2456
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2456
72
reference_url https://access.redhat.com/errata/RHSA-2026:2500
reference_id RHSA-2026:2500
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2500
73
reference_url https://access.redhat.com/errata/RHSA-2026:2563
reference_id RHSA-2026:2563
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2563
74
reference_url https://access.redhat.com/errata/RHSA-2026:2681
reference_id RHSA-2026:2681
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2681
75
reference_url https://access.redhat.com/errata/RHSA-2026:2695
reference_id RHSA-2026:2695
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2695
76
reference_url https://access.redhat.com/errata/RHSA-2026:2717
reference_id RHSA-2026:2717
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2717
77
reference_url https://access.redhat.com/errata/RHSA-2026:2718
reference_id RHSA-2026:2718
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2718
78
reference_url https://access.redhat.com/errata/RHSA-2026:2723
reference_id RHSA-2026:2723
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2723
79
reference_url https://access.redhat.com/errata/RHSA-2026:2728
reference_id RHSA-2026:2728
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2728
80
reference_url https://access.redhat.com/errata/RHSA-2026:2737
reference_id RHSA-2026:2737
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2737
81
reference_url https://access.redhat.com/errata/RHSA-2026:2760
reference_id RHSA-2026:2760
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2760
82
reference_url https://access.redhat.com/errata/RHSA-2026:2762
reference_id RHSA-2026:2762
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2762
83
reference_url https://access.redhat.com/errata/RHSA-2026:2764
reference_id RHSA-2026:2764
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2764
84
reference_url https://access.redhat.com/errata/RHSA-2026:2765
reference_id RHSA-2026:2765
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2765
85
reference_url https://access.redhat.com/errata/RHSA-2026:2800
reference_id RHSA-2026:2800
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2800
86
reference_url https://access.redhat.com/errata/RHSA-2026:2900
reference_id RHSA-2026:2900
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2900
87
reference_url https://access.redhat.com/errata/RHSA-2026:2919
reference_id RHSA-2026:2919
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2919
88
reference_url https://access.redhat.com/errata/RHSA-2026:2924
reference_id RHSA-2026:2924
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2924
89
reference_url https://access.redhat.com/errata/RHSA-2026:2925
reference_id RHSA-2026:2925
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2925
90
reference_url https://access.redhat.com/errata/RHSA-2026:2926
reference_id RHSA-2026:2926
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2926
91
reference_url https://access.redhat.com/errata/RHSA-2026:3296
reference_id RHSA-2026:3296
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3296
92
reference_url https://access.redhat.com/errata/RHSA-2026:3406
reference_id RHSA-2026:3406
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3406
93
reference_url https://access.redhat.com/errata/RHSA-2026:3444
reference_id RHSA-2026:3444
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3444
94
reference_url https://access.redhat.com/errata/RHSA-2026:3461
reference_id RHSA-2026:3461
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3461
95
reference_url https://access.redhat.com/errata/RHSA-2026:3462
reference_id RHSA-2026:3462
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3462
96
reference_url https://access.redhat.com/errata/RHSA-2026:3713
reference_id RHSA-2026:3713
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3713
97
reference_url https://access.redhat.com/errata/RHSA-2026:3782
reference_id RHSA-2026:3782
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3782
98
reference_url https://access.redhat.com/errata/RHSA-2026:3869
reference_id RHSA-2026:3869
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3869
99
reference_url https://access.redhat.com/errata/RHSA-2026:3874
reference_id RHSA-2026:3874
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3874
100
reference_url https://access.redhat.com/errata/RHSA-2026:3960
reference_id RHSA-2026:3960
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3960
101
reference_url https://access.redhat.com/errata/RHSA-2026:4185
reference_id RHSA-2026:4185
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:4185
102
reference_url https://access.redhat.com/errata/RHSA-2026:4215
reference_id RHSA-2026:4215
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:4215
103
reference_url https://access.redhat.com/errata/RHSA-2026:4271
reference_id RHSA-2026:4271
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:4271
104
reference_url https://access.redhat.com/errata/RHSA-2026:4466
reference_id RHSA-2026:4466
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:4466
105
reference_url https://access.redhat.com/errata/RHSA-2026:4467
reference_id RHSA-2026:4467
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:4467
106
reference_url https://access.redhat.com/errata/RHSA-2026:5459
reference_id RHSA-2026:5459
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:5459
107
reference_url https://access.redhat.com/errata/RHSA-2026:5549
reference_id RHSA-2026:5549
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:5549
108
reference_url https://access.redhat.com/errata/RHSA-2026:6055
reference_id RHSA-2026:6055
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6055
109
reference_url https://access.redhat.com/errata/RHSA-2026:6292
reference_id RHSA-2026:6292
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6292
110
reference_url https://usn.ubuntu.com/7927-1/
reference_id USN-7927-1
reference_type
scores
url https://usn.ubuntu.com/7927-1/
111
reference_url https://usn.ubuntu.com/7927-2/
reference_id USN-7927-2
reference_type
scores
url https://usn.ubuntu.com/7927-2/
112
reference_url https://usn.ubuntu.com/7927-3/
reference_id USN-7927-3
reference_type
scores
url https://usn.ubuntu.com/7927-3/
fixed_packages
0
url pkg:pypi/urllib3@2.6.0
purl pkg:pypi/urllib3@2.6.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kjka-a931-uygj
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/urllib3@2.6.0
aliases CVE-2025-66471, GHSA-2xpw-w6gg-jr37
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zevs-1ge5-y7g7
Fixing_vulnerabilities
Risk_score4.5
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:pypi/urllib3@1.13