{"url":"http://public2.vulnerablecode.io/api/packages/8281?format=json","purl":"pkg:pypi/urllib3@1.18","type":"pypi","namespace":"","name":"urllib3","version":"1.18","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2.7.0","latest_non_vulnerable_version":"2.7.0","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/304397?format=json","vulnerability_id":"VCID-3ggh-4hy1-vqba","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-50181.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-50181.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-50181","reference_id":"","reference_type":"","scores":[{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.23444","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-50181"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/urllib3/urllib3","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/urllib3/urllib3"},{"reference_url":"https://github.com/urllib3/urllib3/commit/f05b1329126d5be6de501f9d1e3e36738bc08857","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-23T16:45:50Z/"}],"url":"https://github.com/urllib3/urllib3/commit/f05b1329126d5be6de501f9d1e3e36738bc08857"},{"reference_url":"https://github.com/urllib3/urllib3/releases/tag/2.5.0","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-23T16:45:50Z/"}],"url":"https://github.com/urllib3/urllib3/releases/tag/2.5.0"},{"reference_url":"https://github.com/urllib3/urllib3/security/advisories/GHSA-pq67-6m6q-mj2v","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-23T16:45:50Z/"}],"url":"https://github.com/urllib3/urllib3/security/advisories/GHSA-pq67-6m6q-mj2v"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-50181","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-50181"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108076","reference_id":"1108076","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108076"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2373799","reference_id":"2373799","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2373799"},{"reference_url":"https://github.com/advisories/GHSA-pq67-6m6q-mj2v","reference_id":"GHSA-pq67-6m6q-mj2v","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-pq67-6m6q-mj2v"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4215","reference_id":"RHSA-2026:4215","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4215"},{"reference_url":"https://usn.ubuntu.com/7599-1/","reference_id":"USN-7599-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7599-1/"},{"reference_url":"https://usn.ubuntu.com/7599-2/","reference_id":"USN-7599-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7599-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/49325?format=json","purl":"pkg:pypi/urllib3@2.5.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-e4a3-66pj-uucr"},{"vulnerability":"VCID-f61g-8gxp-f3b4"},{"vulnerability":"VCID-jbr8-13ca-x7dw"},{"vulnerability":"VCID-unzp-bny3-kube"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/urllib3@2.5.0"}],"aliases":["CVE-2025-50181","GHSA-pq67-6m6q-mj2v"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3ggh-4hy1-vqba"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7698?format=json","vulnerability_id":"VCID-fjee-85c1-33cq","summary":"In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00039.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00039.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00041.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00041.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2272","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:2272"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3335","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:3335"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3590","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:3590"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11236.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11236.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-11236","reference_id":"","reference_type":"","scores":[{"value":"0.00575","scoring_system":"epss","scoring_elements":"0.69082","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-11236"},{"reference_url":"https://github.com/advisories/GHSA-r64q-w8jr-g9qp","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-r64q-w8jr-g9qp"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/urllib3/PYSEC-2019-132.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/urllib3/PYSEC-2019-132.yaml"},{"reference_url":"https://github.com/urllib3/urllib3","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/urllib3/urllib3"},{"reference_url":"https://github.com/urllib3/urllib3/issues/1553","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/urllib3/urllib3/issues/1553"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/06/msg00016.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2019/06/msg00016.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2021/06/msg00015.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2021/06/msg00015.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/10/msg00012.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2023/10/msg00012.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NKGPJLVLVYCL4L4B4G5TIOTVK4BKPG72","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NKGPJLVLVYCL4L4B4G5TIOTVK4BKPG72"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NKGPJLVLVYCL4L4B4G5TIOTVK4BKPG72/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NKGPJLVLVYCL4L4B4G5TIOTVK4BKPG72/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R62XGEYPUTXMRHGX5I37EBCGQ5COHGKR","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R62XGEYPUTXMRHGX5I37EBCGQ5COHGKR"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R62XGEYPUTXMRHGX5I37EBCGQ5COHGKR/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R62XGEYPUTXMRHGX5I37EBCGQ5COHGKR/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TBI45HO533KYHNB5YRO43TBYKA3E3VRL","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TBI45HO533KYHNB5YRO43TBYKA3E3VRL"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TBI45HO533KYHNB5YRO43TBYKA3E3VRL/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TBI45HO533KYHNB5YRO43TBYKA3E3VRL/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XOSA2NT4DUQDBEIWE6O7KKD24XND7TE2","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XOSA2NT4DUQDBEIWE6O7KKD24XND7TE2"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XOSA2NT4DUQDBEIWE6O7KKD24XND7TE2/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XOSA2NT4DUQDBEIWE6O7KKD24XND7TE2/"},{"reference_url":"https://usn.ubuntu.com/3990-1","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/3990-1"},{"reference_url":"https://usn.ubuntu.com/3990-1/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3990-1/"},{"reference_url":"https://usn.ubuntu.com/3990-2","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/3990-2"},{"reference_url":"https://usn.ubuntu.com/3990-2/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3990-2/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1700824","reference_id":"1700824","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1700824"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927172","reference_id":"927172","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927172"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-11236","reference_id":"CVE-2019-11236","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-11236"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0850","reference_id":"RHSA-2020:0850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0850"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0851","reference_id":"RHSA-2020:0851","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0851"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1605","reference_id":"RHSA-2020:1605","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1605"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1916","reference_id":"RHSA-2020:1916","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1916"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2068","reference_id":"RHSA-2020:2068","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2068"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2081","reference_id":"RHSA-2020:2081","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2081"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/12077?format=json","purl":"pkg:pypi/urllib3@1.24.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3ggh-4hy1-vqba"},{"vulnerability":"VCID-e4a3-66pj-uucr"},{"vulnerability":"VCID-f61g-8gxp-f3b4"},{"vulnerability":"VCID-hqya-8m8q-8kbg"},{"vulnerability":"VCID-jbr8-13ca-x7dw"},{"vulnerability":"VCID-k6uc-8pxc-w7hk"},{"vulnerability":"VCID-q9qm-kzsk-bygp"},{"vulnerability":"VCID-unzp-bny3-kube"},{"vulnerability":"VCID-xq56-8p3c-87d5"},{"vulnerability":"VCID-zw1w-sbf6-rbeu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/urllib3@1.24.3"}],"aliases":["CVE-2019-11236","GHSA-r64q-w8jr-g9qp","PYSEC-2019-132"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fjee-85c1-33cq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8912?format=json","vulnerability_id":"VCID-gvay-72q6-83fz","summary":"urllib3 before 1.24.2 does not remove the authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the authorization header to be exposed to unintended hosts or transmitted in cleartext. NOTE: this issue exists because of an incomplete fix for CVE-2018-20060 (which was case-sensitive).","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-25091.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-25091.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-25091","reference_id":"","reference_type":"","scores":[{"value":"0.00223","scoring_system":"epss","scoring_elements":"0.45046","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-25091"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/urllib3/PYSEC-2023-207.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/urllib3/PYSEC-2023-207.yaml"},{"reference_url":"https://github.com/urllib3/urllib3","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/urllib3/urllib3"},{"reference_url":"https://github.com/urllib3/urllib3/commit/adb358f8e06865406d1f05e581a16cbea2136fbc","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-16T19:01:32Z/"}],"url":"https://github.com/urllib3/urllib3/commit/adb358f8e06865406d1f05e581a16cbea2136fbc"},{"reference_url":"https://github.com/urllib3/urllib3/compare/1.24.1...1.24.2","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-16T19:01:32Z/"}],"url":"https://github.com/urllib3/urllib3/compare/1.24.1...1.24.2"},{"reference_url":"https://github.com/urllib3/urllib3/issues/1510","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-16T19:01:32Z/"}],"url":"https://github.com/urllib3/urllib3/issues/1510"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2244340","reference_id":"2244340","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2244340"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-25091","reference_id":"CVE-2018-25091","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-25091"},{"reference_url":"https://github.com/advisories/GHSA-gwvm-45gx-3cf8","reference_id":"GHSA-gwvm-45gx-3cf8","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gwvm-45gx-3cf8"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2988","reference_id":"RHSA-2024:2988","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2988"},{"reference_url":"https://usn.ubuntu.com/6473-1/","reference_id":"USN-6473-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6473-1/"},{"reference_url":"https://usn.ubuntu.com/6473-2/","reference_id":"USN-6473-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6473-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/12076?format=json","purl":"pkg:pypi/urllib3@1.24.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3ggh-4hy1-vqba"},{"vulnerability":"VCID-e4a3-66pj-uucr"},{"vulnerability":"VCID-f61g-8gxp-f3b4"},{"vulnerability":"VCID-fjee-85c1-33cq"},{"vulnerability":"VCID-hqya-8m8q-8kbg"},{"vulnerability":"VCID-jbr8-13ca-x7dw"},{"vulnerability":"VCID-k6uc-8pxc-w7hk"},{"vulnerability":"VCID-q9qm-kzsk-bygp"},{"vulnerability":"VCID-unzp-bny3-kube"},{"vulnerability":"VCID-xq56-8p3c-87d5"},{"vulnerability":"VCID-ywe3-pb64-n3bu"},{"vulnerability":"VCID-zw1w-sbf6-rbeu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/urllib3@1.24.2"}],"aliases":["CVE-2018-25091","GHSA-gwvm-45gx-3cf8","PYSEC-2023-207"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gvay-72q6-83fz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7643?format=json","vulnerability_id":"VCID-gxed-958a-bker","summary":"urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the Authorization header to be exposed to unintended hosts or transmitted in cleartext.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00039.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00039.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2272","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:2272"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20060.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20060.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20060","reference_id":"","reference_type":"","scores":[{"value":"0.00656","scoring_system":"epss","scoring_elements":"0.71356","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20060"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1649153","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1649153"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/advisories/GHSA-www2-v7xj-xrc6","reference_id":"","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-www2-v7xj-xrc6"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/urllib3/PYSEC-2018-32.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/urllib3/PYSEC-2018-32.yaml"},{"reference_url":"https://github.com/urllib3/urllib3","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/urllib3/urllib3"},{"reference_url":"https://github.com/urllib3/urllib3/blob/master/CHANGES.rst","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/urllib3/urllib3/blob/master/CHANGES.rst"},{"reference_url":"https://github.com/urllib3/urllib3/commit/560bd227b90f74417ffaedebf5f8d05a8ee4f532","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/urllib3/urllib3/commit/560bd227b90f74417ffaedebf5f8d05a8ee4f532"},{"reference_url":"https://github.com/urllib3/urllib3/issues/1316","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/urllib3/urllib3/issues/1316"},{"reference_url":"https://github.com/urllib3/urllib3/pull/1346","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/urllib3/urllib3/pull/1346"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2021/06/msg00015.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2021/06/msg00015.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5SJERZEJDSUYQP7BNBXMBHRHGY26HRZD","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5SJERZEJDSUYQP7BNBXMBHRHGY26HRZD"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BXLAXHM3Z6DUCXZ7ZXZ2EAYJXWDCZFCT","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BXLAXHM3Z6DUCXZ7ZXZ2EAYJXWDCZFCT"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWP36YW3KSVLXDBY3QJKDYEPCIMN3VQZ","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWP36YW3KSVLXDBY3QJKDYEPCIMN3VQZ"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5SJERZEJDSUYQP7BNBXMBHRHGY26HRZD","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5SJERZEJDSUYQP7BNBXMBHRHGY26HRZD"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5SJERZEJDSUYQP7BNBXMBHRHGY26HRZD/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5SJERZEJDSUYQP7BNBXMBHRHGY26HRZD/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BXLAXHM3Z6DUCXZ7ZXZ2EAYJXWDCZFCT","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BXLAXHM3Z6DUCXZ7ZXZ2EAYJXWDCZFCT"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BXLAXHM3Z6DUCXZ7ZXZ2EAYJXWDCZFCT/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BXLAXHM3Z6DUCXZ7ZXZ2EAYJXWDCZFCT/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWP36YW3KSVLXDBY3QJKDYEPCIMN3VQZ","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWP36YW3KSVLXDBY3QJKDYEPCIMN3VQZ"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWP36YW3KSVLXDBY3QJKDYEPCIMN3VQZ/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWP36YW3KSVLXDBY3QJKDYEPCIMN3VQZ/"},{"reference_url":"https://security.netapp.com/advisory/ntap-20241227-0010","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20241227-0010"},{"reference_url":"https://usn.ubuntu.com/3990-1","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/3990-1"},{"reference_url":"https://usn.ubuntu.com/3990-1/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3990-1/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-20060","reference_id":"CVE-2018-20060","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-20060"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0850","reference_id":"RHSA-2020:0850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0850"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0851","reference_id":"RHSA-2020:0851","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0851"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1605","reference_id":"RHSA-2020:1605","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1605"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1916","reference_id":"RHSA-2020:1916","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1916"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2068","reference_id":"RHSA-2020:2068","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2068"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2081","reference_id":"RHSA-2020:2081","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2081"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/11379?format=json","purl":"pkg:pypi/urllib3@1.23","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3ggh-4hy1-vqba"},{"vulnerability":"VCID-e4a3-66pj-uucr"},{"vulnerability":"VCID-fjee-85c1-33cq"},{"vulnerability":"VCID-gvay-72q6-83fz"},{"vulnerability":"VCID-hqya-8m8q-8kbg"},{"vulnerability":"VCID-jbr8-13ca-x7dw"},{"vulnerability":"VCID-k6uc-8pxc-w7hk"},{"vulnerability":"VCID-puvp-px4m-77h1"},{"vulnerability":"VCID-q9qm-kzsk-bygp"},{"vulnerability":"VCID-unzp-bny3-kube"},{"vulnerability":"VCID-x1ah-7bvf-ykbj"},{"vulnerability":"VCID-xq56-8p3c-87d5"},{"vulnerability":"VCID-ywe3-pb64-n3bu"},{"vulnerability":"VCID-zw1w-sbf6-rbeu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/urllib3@1.23"}],"aliases":["CVE-2018-20060","GHSA-www2-v7xj-xrc6","PYSEC-2018-32"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gxed-958a-bker"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5548?format=json","vulnerability_id":"VCID-hqya-8m8q-8kbg","summary":"denial of service","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-33503.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-33503.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-33503","reference_id":"","reference_type":"","scores":[{"value":"0.00863","scoring_system":"epss","scoring_elements":"0.75395","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-33503"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/advisories/GHSA-q2q7-5pp4-w6pg","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-q2q7-5pp4-w6pg"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/urllib3/PYSEC-2021-108.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/urllib3/PYSEC-2021-108.yaml"},{"reference_url":"https://github.com/urllib3/urllib3","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/urllib3/urllib3"},{"reference_url":"https://github.com/urllib3/urllib3/commit/2d4a3fee6de2fa45eb82169361918f759269b4ec","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/urllib3/urllib3/commit/2d4a3fee6de2fa45eb82169361918f759269b4ec"},{"reference_url":"https://github.com/urllib3/urllib3/commit/5b047b645f5f93900d5e2fc31230848c25eb1f5f#diff-52026d639119bf1e0364836b4e8a18bd9ed3c95c6ba39b26534a5057a65e35bbR65","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/urllib3/urllib3/commit/5b047b645f5f93900d5e2fc31230848c25eb1f5f#diff-52026d639119bf1e0364836b4e8a18bd9ed3c95c6ba39b26534a5057a65e35bbR65"},{"reference_url":"https://github.com/urllib3/urllib3/security/advisories/GHSA-q2q7-5pp4-w6pg","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/urllib3/urllib3/security/advisories/GHSA-q2q7-5pp4-w6pg"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6SCV7ZNAHS3E6PBFLJGENCDRDRWRZZ6W","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6SCV7ZNAHS3E6PBFLJGENCDRDRWRZZ6W"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FMUGWEAUYGGHTPPXT6YBD53WYXQGVV73","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FMUGWEAUYGGHTPPXT6YBD53WYXQGVV73"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-33503","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-33503"},{"reference_url":"https://www.oracle.com/security-alerts/cpuoct2021.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuoct2021.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1968074","reference_id":"1968074","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1968074"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989848","reference_id":"989848","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989848"},{"reference_url":"https://security.archlinux.org/ASA-202106-25","reference_id":"ASA-202106-25","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202106-25"},{"reference_url":"https://security.archlinux.org/AVG-2038","reference_id":"AVG-2038","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2038"},{"reference_url":"https://security.gentoo.org/glsa/202107-36","reference_id":"GLSA-202107-36","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/202107-36"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3473","reference_id":"RHSA-2021:3473","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3473"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4160","reference_id":"RHSA-2021:4160","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4160"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4162","reference_id":"RHSA-2021:4162","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4162"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4702","reference_id":"RHSA-2021:4702","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4702"},{"reference_url":"https://usn.ubuntu.com/5812-1/","reference_id":"USN-5812-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5812-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/21567?format=json","purl":"pkg:pypi/urllib3@1.26.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3ggh-4hy1-vqba"},{"vulnerability":"VCID-e4a3-66pj-uucr"},{"vulnerability":"VCID-f61g-8gxp-f3b4"},{"vulnerability":"VCID-jbr8-13ca-x7dw"},{"vulnerability":"VCID-k6uc-8pxc-w7hk"},{"vulnerability":"VCID-q9qm-kzsk-bygp"},{"vulnerability":"VCID-unzp-bny3-kube"},{"vulnerability":"VCID-xq56-8p3c-87d5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/urllib3@1.26.5"}],"aliases":["CVE-2021-33503","GHSA-q2q7-5pp4-w6pg","PYSEC-2021-108"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hqya-8m8q-8kbg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/21767?format=json","vulnerability_id":"VCID-jbr8-13ca-x7dw","summary":"urllib3 streaming API improperly handles highly compressed data\nurllib3's [streaming API](https://urllib3.readthedocs.io/en/2.5.0/advanced-usage.html#streaming-and-i-o) is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once.\n\nWhen streaming a compressed response, urllib3 can perform decoding or decompression based on the HTTP `Content-Encoding` header (e.g., `gzip`, `deflate`, `br`, or `zstd`). The library must read compressed data from the network and decompress it until the requested chunk size is met. Any resulting decompressed data that exceeds the requested amount is held in an internal buffer for the next read operation.\n\nThe decompression logic could cause urllib3 to fully decode a small amount of highly compressed data in a single operation. This can result in excessive resource consumption (high CPU usage and massive memory allocation for the decompressed data; CWE-409) on the client side, even if the application only requested a small chunk of data.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-66471.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-66471.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-66471","reference_id":"","reference_type":"","scores":[{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.0444","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-66471"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/urllib3/urllib3","reference_id":"","reference_type":"","scores":[{"value":"8.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/urllib3/urllib3"},{"reference_url":"https://github.com/urllib3/urllib3/commit/c19571de34c47de3a766541b041637ba5f716ed7","reference_id":"","reference_type":"","scores":[{"value":"8.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-05T19:32:57Z/"}],"url":"https://github.com/urllib3/urllib3/commit/c19571de34c47de3a766541b041637ba5f716ed7"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1122029","reference_id":"1122029","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1122029"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2419467","reference_id":"2419467","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2419467"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-66471","reference_id":"CVE-2025-66471","reference_type":"","scores":[{"value":"8.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-66471"},{"reference_url":"https://github.com/advisories/GHSA-2xpw-w6gg-jr37","reference_id":"GHSA-2xpw-w6gg-jr37","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2xpw-w6gg-jr37"},{"reference_url":"https://github.com/urllib3/urllib3/security/advisories/GHSA-2xpw-w6gg-jr37","reference_id":"GHSA-2xpw-w6gg-jr37","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-05T19:32:57Z/"}],"url":"https://github.com/urllib3/urllib3/security/advisories/GHSA-2xpw-w6gg-jr37"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0981","reference_id":"RHSA-2026:0981","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0981"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0990","reference_id":"RHSA-2026:0990","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0990"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10184","reference_id":"RHSA-2026:10184","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10184"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1038","reference_id":"RHSA-2026:1038","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1038"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1041","reference_id":"RHSA-2026:1041","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1041"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1042","reference_id":"RHSA-2026:1042","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1042"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1086","reference_id":"RHSA-2026:1086","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1086"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1087","reference_id":"RHSA-2026:1087","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1087"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1088","reference_id":"RHSA-2026:1088","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1088"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1089","reference_id":"RHSA-2026:1089","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1089"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1166","reference_id":"RHSA-2026:1166","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1166"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1168","reference_id":"RHSA-2026:1168","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1168"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11722","reference_id":"RHSA-2026:11722","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11722"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1176","reference_id":"RHSA-2026:1176","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1176"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1224","reference_id":"RHSA-2026:1224","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1224"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1226","reference_id":"RHSA-2026:1226","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1226"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1239","reference_id":"RHSA-2026:1239","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1239"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1240","reference_id":"RHSA-2026:1240","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1240"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1241","reference_id":"RHSA-2026:1241","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1241"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1249","reference_id":"RHSA-2026:1249","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1249"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1254","reference_id":"RHSA-2026:1254","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1254"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1485","reference_id":"RHSA-2026:1485","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1485"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:14877","reference_id":"RHSA-2026:14877","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:14877"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1497","reference_id":"RHSA-2026:1497","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1497"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1504","reference_id":"RHSA-2026:1504","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1504"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1506","reference_id":"RHSA-2026:1506","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1506"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1546","reference_id":"RHSA-2026:1546","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1546"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1596","reference_id":"RHSA-2026:1596","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1596"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1599","reference_id":"RHSA-2026:1599","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1599"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1600","reference_id":"RHSA-2026:1600","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1600"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1609","reference_id":"RHSA-2026:1609","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1609"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1618","reference_id":"RHSA-2026:1618","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1618"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1619","reference_id":"RHSA-2026:1619","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1619"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1652","reference_id":"RHSA-2026:1652","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1652"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1674","reference_id":"RHSA-2026:1674","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1674"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1676","reference_id":"RHSA-2026:1676","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1676"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1693","reference_id":"RHSA-2026:1693","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1693"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1704","reference_id":"RHSA-2026:1704","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1704"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1706","reference_id":"RHSA-2026:1706","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1706"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1712","reference_id":"RHSA-2026:1712","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1712"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1717","reference_id":"RHSA-2026:1717","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1717"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1726","reference_id":"RHSA-2026:1726","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1726"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1729","reference_id":"RHSA-2026:1729","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1729"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1730","reference_id":"RHSA-2026:1730","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1730"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1734","reference_id":"RHSA-2026:1734","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1734"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1735","reference_id":"RHSA-2026:1735","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1735"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1736","reference_id":"RHSA-2026:1736","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1736"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1791","reference_id":"RHSA-2026:1791","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1791"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1792","reference_id":"RHSA-2026:1792","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1792"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1793","reference_id":"RHSA-2026:1793","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1793"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1794","reference_id":"RHSA-2026:1794","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1794"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1795","reference_id":"RHSA-2026:1795","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1795"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1803","reference_id":"RHSA-2026:1803","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1803"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1805","reference_id":"RHSA-2026:1805","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1805"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1942","reference_id":"RHSA-2026:1942","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1942"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1957","reference_id":"RHSA-2026:1957","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1957"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:19712","reference_id":"RHSA-2026:19712","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:19712"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2060","reference_id":"RHSA-2026:2060","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2060"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2106","reference_id":"RHSA-2026:2106","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2106"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2126","reference_id":"RHSA-2026:2126","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2126"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2137","reference_id":"RHSA-2026:2137","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2137"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2139","reference_id":"RHSA-2026:2139","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2139"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2144","reference_id":"RHSA-2026:2144","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2144"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2256","reference_id":"RHSA-2026:2256","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2256"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2456","reference_id":"RHSA-2026:2456","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2456"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2500","reference_id":"RHSA-2026:2500","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2500"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2563","reference_id":"RHSA-2026:2563","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2563"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2681","reference_id":"RHSA-2026:2681","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2681"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2695","reference_id":"RHSA-2026:2695","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2695"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2717","reference_id":"RHSA-2026:2717","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2717"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2718","reference_id":"RHSA-2026:2718","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2718"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2723","reference_id":"RHSA-2026:2723","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2723"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2728","reference_id":"RHSA-2026:2728","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2728"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2737","reference_id":"RHSA-2026:2737","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2737"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2760","reference_id":"RHSA-2026:2760","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2760"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2762","reference_id":"RHSA-2026:2762","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2762"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2764","reference_id":"RHSA-2026:2764","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2764"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2765","reference_id":"RHSA-2026:2765","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2765"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2800","reference_id":"RHSA-2026:2800","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2800"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2900","reference_id":"RHSA-2026:2900","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2900"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2919","reference_id":"RHSA-2026:2919","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2919"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2924","reference_id":"RHSA-2026:2924","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2924"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2925","reference_id":"RHSA-2026:2925","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2925"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2926","reference_id":"RHSA-2026:2926","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2926"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3296","reference_id":"RHSA-2026:3296","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3296"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3406","reference_id":"RHSA-2026:3406","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3406"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3444","reference_id":"RHSA-2026:3444","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3444"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3461","reference_id":"RHSA-2026:3461","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3461"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3462","reference_id":"RHSA-2026:3462","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3462"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3713","reference_id":"RHSA-2026:3713","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3713"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3782","reference_id":"RHSA-2026:3782","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3782"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3869","reference_id":"RHSA-2026:3869","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3869"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3874","reference_id":"RHSA-2026:3874","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3874"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3960","reference_id":"RHSA-2026:3960","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3960"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4185","reference_id":"RHSA-2026:4185","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4185"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4215","reference_id":"RHSA-2026:4215","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4215"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4271","reference_id":"RHSA-2026:4271","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4271"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4466","reference_id":"RHSA-2026:4466","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4466"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4467","reference_id":"RHSA-2026:4467","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4467"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5459","reference_id":"RHSA-2026:5459","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5459"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5549","reference_id":"RHSA-2026:5549","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5549"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6055","reference_id":"RHSA-2026:6055","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6055"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6292","reference_id":"RHSA-2026:6292","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6292"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9031","reference_id":"RHSA-2026:9031","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9031"},{"reference_url":"https://usn.ubuntu.com/7927-1/","reference_id":"USN-7927-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7927-1/"},{"reference_url":"https://usn.ubuntu.com/7927-2/","reference_id":"USN-7927-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7927-2/"},{"reference_url":"https://usn.ubuntu.com/7927-3/","reference_id":"USN-7927-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7927-3/"},{"reference_url":"https://usn.ubuntu.com/8344-1/","reference_id":"USN-8344-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8344-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/49326?format=json","purl":"pkg:pypi/urllib3@2.6.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-e4a3-66pj-uucr"},{"vulnerability":"VCID-j8af-gne3-3fa9"},{"vulnerability":"VCID-unzp-bny3-kube"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/urllib3@2.6.0"}],"aliases":["CVE-2025-66471","GHSA-2xpw-w6gg-jr37"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jbr8-13ca-x7dw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8899?format=json","vulnerability_id":"VCID-k6uc-8pxc-w7hk","summary":"urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the `Cookie` HTTP header special or provide any helpers for managing cookies over HTTP, that is the responsibility of the user. However, it is possible for a user to specify a `Cookie` header and unknowingly leak information via HTTP redirects to a different origin if that user doesn't disable redirects explicitly. This issue has been patched in urllib3 version 1.26.17 or 2.0.5.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-43804.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-43804.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-43804","reference_id":"","reference_type":"","scores":[{"value":"0.0095","scoring_system":"epss","scoring_elements":"0.7668","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-43804"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/urllib3/PYSEC-2023-192.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"7.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/urllib3/PYSEC-2023-192.yaml"},{"reference_url":"https://github.com/urllib3/urllib3","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"7.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/urllib3/urllib3"},{"reference_url":"https://github.com/urllib3/urllib3/commit/01220354d389cd05474713f8c982d05c9b17aafb","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"7.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/urllib3/urllib3/commit/01220354d389cd05474713f8c982d05c9b17aafb"},{"reference_url":"https://github.com/urllib3/urllib3/commit/644124ecd0b6e417c527191f866daa05a5a2056d","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"7.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/urllib3/urllib3/commit/644124ecd0b6e417c527191f866daa05a5a2056d"},{"reference_url":"https://github.com/urllib3/urllib3/security/advisories/GHSA-v845-jxx5-vc9f","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"7.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/urllib3/urllib3/security/advisories/GHSA-v845-jxx5-vc9f"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/10/msg00012.html","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"7.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2023/10/msg00012.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2024/12/msg00020.html","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"7.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2024/12/msg00020.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5F5CUBAN5XMEBVBZPHFITBLMJV5FIJJ5","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"7.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5F5CUBAN5XMEBVBZPHFITBLMJV5FIJJ5"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I3PR7C6RJ6JUBQKIJ644DMIJSUP36VDY","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"7.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I3PR7C6RJ6JUBQKIJ644DMIJSUP36VDY"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NDAGZXYJ7H2G3SB47M453VQVNAWKAEJJ","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"7.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NDAGZXYJ7H2G3SB47M453VQVNAWKAEJJ"},{"reference_url":"https://security.netapp.com/advisory/ntap-20241213-0007","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"7.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20241213-0007"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053626","reference_id":"1053626","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053626"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2242493","reference_id":"2242493","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2242493"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-43804","reference_id":"CVE-2023-43804","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"7.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-43804"},{"reference_url":"https://www.vicarius.io/vsociety/posts/cve-2023-43804-urllib3-vulnerability-3","reference_id":"CVE-2023-43804-URLLIB3-VULNERABILITY-3","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"7.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.vicarius.io/vsociety/posts/cve-2023-43804-urllib3-vulnerability-3"},{"reference_url":"https://github.com/advisories/GHSA-v845-jxx5-vc9f","reference_id":"GHSA-v845-jxx5-vc9f","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-v845-jxx5-vc9f"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:6158","reference_id":"RHSA-2023:6158","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:6158"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:6812","reference_id":"RHSA-2023:6812","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:6812"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7378","reference_id":"RHSA-2023:7378","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:7378"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7385","reference_id":"RHSA-2023:7385","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:7385"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7407","reference_id":"RHSA-2023:7407","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:7407"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7435","reference_id":"RHSA-2023:7435","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:7435"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7523","reference_id":"RHSA-2023:7523","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:7523"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7528","reference_id":"RHSA-2023:7528","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:7528"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7753","reference_id":"RHSA-2023:7753","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:7753"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7851","reference_id":"RHSA-2023:7851","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:7851"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0116","reference_id":"RHSA-2024:0116","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0116"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0133","reference_id":"RHSA-2024:0133","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0133"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0187","reference_id":"RHSA-2024:0187","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0187"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0300","reference_id":"RHSA-2024:0300","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0300"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0464","reference_id":"RHSA-2024:0464","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0464"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0588","reference_id":"RHSA-2024:0588","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0588"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1383","reference_id":"RHSA-2024:1383","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1383"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2159","reference_id":"RHSA-2024:2159","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2159"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2985","reference_id":"RHSA-2024:2985","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2985"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2986","reference_id":"RHSA-2024:2986","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2986"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2987","reference_id":"RHSA-2024:2987","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2987"},{"reference_url":"https://usn.ubuntu.com/6473-1/","reference_id":"USN-6473-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6473-1/"},{"reference_url":"https://usn.ubuntu.com/6473-2/","reference_id":"USN-6473-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6473-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/35150?format=json","purl":"pkg:pypi/urllib3@1.26.17","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3ggh-4hy1-vqba"},{"vulnerability":"VCID-e4a3-66pj-uucr"},{"vulnerability":"VCID-f61g-8gxp-f3b4"},{"vulnerability":"VCID-jbr8-13ca-x7dw"},{"vulnerability":"VCID-q9qm-kzsk-bygp"},{"vulnerability":"VCID-unzp-bny3-kube"},{"vulnerability":"VCID-xq56-8p3c-87d5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/urllib3@1.26.17"},{"url":"http://public2.vulnerablecode.io/api/packages/49314?format=json","purl":"pkg:pypi/urllib3@2.0.0a1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3ggh-4hy1-vqba"},{"vulnerability":"VCID-e4a3-66pj-uucr"},{"vulnerability":"VCID-f61g-8gxp-f3b4"},{"vulnerability":"VCID-jbr8-13ca-x7dw"},{"vulnerability":"VCID-unzp-bny3-kube"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/urllib3@2.0.0a1"},{"url":"http://public2.vulnerablecode.io/api/packages/35149?format=json","purl":"pkg:pypi/urllib3@2.0.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3ggh-4hy1-vqba"},{"vulnerability":"VCID-e4a3-66pj-uucr"},{"vulnerability":"VCID-f61g-8gxp-f3b4"},{"vulnerability":"VCID-jbr8-13ca-x7dw"},{"vulnerability":"VCID-q9qm-kzsk-bygp"},{"vulnerability":"VCID-unzp-bny3-kube"},{"vulnerability":"VCID-xq56-8p3c-87d5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/urllib3@2.0.6"}],"aliases":["CVE-2023-43804","GHSA-v845-jxx5-vc9f","PYSEC-2023-192"],"risk_score":3.6,"exploitability":"0.5","weighted_severity":"7.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k6uc-8pxc-w7hk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7383?format=json","vulnerability_id":"VCID-p4bf-j3p8-z7ee","summary":"Versions 1.17 and 1.18 of the Python urllib3 library suffer from a vulnerability that can cause them, in certain configurations, to not correctly validate TLS certificates. This places users of the library with those configurations at risk of man-in-the-middle and information leakage attacks. This vulnerability affects users using versions 1.17 and 1.18 of the urllib3 library, who are using the optional PyOpenSSL support for TLS instead of the regular standard library TLS backend, and who are using OpenSSL 1.1.0 via PyOpenSSL. This is an extremely uncommon configuration, so the security impact of this vulnerability is low.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9015","reference_id":"","reference_type":"","scores":[{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11734","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9015"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:P/I:N/A:N"},{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/urllib3/PYSEC-2017-98.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/urllib3/PYSEC-2017-98.yaml"},{"reference_url":"https://github.com/urllib3/urllib3","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/urllib3/urllib3"},{"reference_url":"https://github.com/urllib3/urllib3/commit/c32cdbc16a9634fa0f8c829d1270301570158715","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/urllib3/urllib3/commit/c32cdbc16a9634fa0f8c829d1270301570158715"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-9015","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-9015"},{"reference_url":"https://web.archive.org/web/20210123184150/http://www.securityfocus.com/bid/93941","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20210123184150/http://www.securityfocus.com/bid/93941"},{"reference_url":"http://www.openwall.com/lists/oss-security/2016/10/27/6","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2016/10/27/6"},{"reference_url":"http://www.securityfocus.com/bid/93941","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/93941"},{"reference_url":"https://github.com/advisories/GHSA-v4w5-p2hg-8fh6","reference_id":"GHSA-v4w5-p2hg-8fh6","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-v4w5-p2hg-8fh6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/8282?format=json","purl":"pkg:pypi/urllib3@1.18.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3ggh-4hy1-vqba"},{"vulnerability":"VCID-fjee-85c1-33cq"},{"vulnerability":"VCID-gvay-72q6-83fz"},{"vulnerability":"VCID-gxed-958a-bker"},{"vulnerability":"VCID-hqya-8m8q-8kbg"},{"vulnerability":"VCID-jbr8-13ca-x7dw"},{"vulnerability":"VCID-k6uc-8pxc-w7hk"},{"vulnerability":"VCID-puvp-px4m-77h1"},{"vulnerability":"VCID-q9qm-kzsk-bygp"},{"vulnerability":"VCID-x1ah-7bvf-ykbj"},{"vulnerability":"VCID-xq56-8p3c-87d5"},{"vulnerability":"VCID-ywe3-pb64-n3bu"},{"vulnerability":"VCID-zw1w-sbf6-rbeu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/urllib3@1.18.1"}],"aliases":["CVE-2016-9015","GHSA-v4w5-p2hg-8fh6","PYSEC-2017-98"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p4bf-j3p8-z7ee"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/345489?format=json","vulnerability_id":"VCID-puvp-px4m-77h1","summary":"The urllib3 library before 1.24.2 for Python mishandles certain cases where the desired set of CA certificates is different from the OS store of CA certificates, which results in SSL connections succeeding in situations where a verification failure is the correct outcome. This is related to use of the ssl_context, ca_certs, or ca_certs_dir argument.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00039.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00039.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00041.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00041.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3335","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3335"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3590","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3590"},{"reference_url":"https://github.com/urllib3/urllib3/compare/a6ec68a...1efadf4","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/urllib3/urllib3/compare/a6ec68a...1efadf4"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NKGPJLVLVYCL4L4B4G5TIOTVK4BKPG72/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NKGPJLVLVYCL4L4B4G5TIOTVK4BKPG72/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XOSA2NT4DUQDBEIWE6O7KKD24XND7TE2/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XOSA2NT4DUQDBEIWE6O7KKD24XND7TE2/"},{"reference_url":"https://usn.ubuntu.com/3990-1/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3990-1/"},{"reference_url":"http://www.openwall.com/lists/oss-security/2019/04/19/1","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2019/04/19/1"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/12076?format=json","purl":"pkg:pypi/urllib3@1.24.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3ggh-4hy1-vqba"},{"vulnerability":"VCID-e4a3-66pj-uucr"},{"vulnerability":"VCID-f61g-8gxp-f3b4"},{"vulnerability":"VCID-fjee-85c1-33cq"},{"vulnerability":"VCID-hqya-8m8q-8kbg"},{"vulnerability":"VCID-jbr8-13ca-x7dw"},{"vulnerability":"VCID-k6uc-8pxc-w7hk"},{"vulnerability":"VCID-q9qm-kzsk-bygp"},{"vulnerability":"VCID-unzp-bny3-kube"},{"vulnerability":"VCID-xq56-8p3c-87d5"},{"vulnerability":"VCID-ywe3-pb64-n3bu"},{"vulnerability":"VCID-zw1w-sbf6-rbeu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/urllib3@1.24.2"}],"aliases":["PYSEC-2019-63"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-puvp-px4m-77h1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8914?format=json","vulnerability_id":"VCID-q9qm-kzsk-bygp","summary":"urllib3 is a user-friendly HTTP client library for Python. urllib3 previously wouldn't remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303 after the request had its method changed from one that could accept a request body (like `POST`) to `GET` as is required by HTTP RFCs. Although this behavior is not specified in the section for redirects, it can be inferred by piecing together information from different sections and we have observed the behavior in other major HTTP client implementations like curl and web browsers. Because the vulnerability requires a previously trusted service to become compromised in order to have an impact on confidentiality we believe the exploitability of this vulnerability is low. Additionally, many users aren't putting sensitive data in HTTP request bodies, if this is the case then this vulnerability isn't exploitable. Both of the following conditions must be true to be affected by this vulnerability: 1. Using urllib3 and submitting sensitive information in the HTTP request body (such as form data or JSON) and 2. The origin service is compromised and starts redirecting using 301, 302, or 303 to a malicious peer or the redirected-to service becomes compromised. This issue has been addressed in versions 1.26.18 and 2.0.7 and users are advised to update to resolve this issue. Users unable to update should disable redirects for services that aren't expecting to respond with redirects with `redirects=False` and disable automatic redirects with `redirects=False` and handle 301, 302, and 303 redirects manually by stripping the HTTP request body.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45803.json","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45803.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-45803","reference_id":"","reference_type":"","scores":[{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17756","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-45803"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/urllib3/PYSEC-2023-212.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/urllib3/PYSEC-2023-212.yaml"},{"reference_url":"https://github.com/urllib3/urllib3","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/urllib3/urllib3"},{"reference_url":"https://github.com/urllib3/urllib3/commit/4e50fbc5db74e32cabd5ccc1ab81fc103adfe0b3","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/urllib3/urllib3/commit/4e50fbc5db74e32cabd5ccc1ab81fc103adfe0b3"},{"reference_url":"https://github.com/urllib3/urllib3/commit/4e98d57809dacab1cbe625fddeec1a290c478ea9","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-13T15:56:19Z/"}],"url":"https://github.com/urllib3/urllib3/commit/4e98d57809dacab1cbe625fddeec1a290c478ea9"},{"reference_url":"https://github.com/urllib3/urllib3/commit/b594c5ceaca38e1ac215f916538fb128e3526a36","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/urllib3/urllib3/commit/b594c5ceaca38e1ac215f916538fb128e3526a36"},{"reference_url":"https://github.com/urllib3/urllib3/releases/tag/1.26.18","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/urllib3/urllib3/releases/tag/1.26.18"},{"reference_url":"https://github.com/urllib3/urllib3/releases/tag/2.0.7","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/urllib3/urllib3/releases/tag/2.0.7"},{"reference_url":"https://github.com/urllib3/urllib3/security/advisories/GHSA-g4mx-q9vg-27p4","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-13T15:56:19Z/"}],"url":"https://github.com/urllib3/urllib3/security/advisories/GHSA-g4mx-q9vg-27p4"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2024/12/msg00020.html","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2024/12/msg00020.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4R2Y5XK3WALSR3FNAGN7JBYV2B343ZKB","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4R2Y5XK3WALSR3FNAGN7JBYV2B343ZKB"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5F5CUBAN5XMEBVBZPHFITBLMJV5FIJJ5","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5F5CUBAN5XMEBVBZPHFITBLMJV5FIJJ5"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PPDPLM6UUMN55ESPQWJFLLIZY4ZKCNRX","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PPDPLM6UUMN55ESPQWJFLLIZY4ZKCNRX"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PPDPLM6UUMN55ESPQWJFLLIZY4ZKCNRX/","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-13T15:56:19Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PPDPLM6UUMN55ESPQWJFLLIZY4ZKCNRX/"},{"reference_url":"https://www.rfc-editor.org/rfc/rfc9110.html#name-get","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-13T15:56:19Z/"}],"url":"https://www.rfc-editor.org/rfc/rfc9110.html#name-get"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054226","reference_id":"1054226","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054226"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2246840","reference_id":"2246840","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2246840"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4R2Y5XK3WALSR3FNAGN7JBYV2B343ZKB/","reference_id":"4R2Y5XK3WALSR3FNAGN7JBYV2B343ZKB","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-13T15:56:19Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4R2Y5XK3WALSR3FNAGN7JBYV2B343ZKB/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5F5CUBAN5XMEBVBZPHFITBLMJV5FIJJ5/","reference_id":"5F5CUBAN5XMEBVBZPHFITBLMJV5FIJJ5","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-13T15:56:19Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5F5CUBAN5XMEBVBZPHFITBLMJV5FIJJ5/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-45803","reference_id":"CVE-2023-45803","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-45803"},{"reference_url":"https://github.com/advisories/GHSA-g4mx-q9vg-27p4","reference_id":"GHSA-g4mx-q9vg-27p4","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-g4mx-q9vg-27p4"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7851","reference_id":"RHSA-2023:7851","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:7851"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0116","reference_id":"RHSA-2024:0116","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0116"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0300","reference_id":"RHSA-2024:0300","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0300"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0464","reference_id":"RHSA-2024:0464","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0464"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0588","reference_id":"RHSA-2024:0588","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0588"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:11189","reference_id":"RHSA-2024:11189","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:11189"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:11238","reference_id":"RHSA-2024:11238","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:11238"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1155","reference_id":"RHSA-2024:1155","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1155"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1383","reference_id":"RHSA-2024:1383","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1383"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2132","reference_id":"RHSA-2024:2132","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2132"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2734","reference_id":"RHSA-2024:2734","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2734"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2952","reference_id":"RHSA-2024:2952","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2952"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2968","reference_id":"RHSA-2024:2968","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2968"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2988","reference_id":"RHSA-2024:2988","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2988"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:0078","reference_id":"RHSA-2025:0078","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:0078"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:1793","reference_id":"RHSA-2025:1793","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:1793"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:1813","reference_id":"RHSA-2025:1813","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:1813"},{"reference_url":"https://usn.ubuntu.com/6473-1/","reference_id":"USN-6473-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6473-1/"},{"reference_url":"https://usn.ubuntu.com/6473-2/","reference_id":"USN-6473-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6473-2/"},{"reference_url":"https://usn.ubuntu.com/7762-1/","reference_id":"USN-7762-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7762-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/35469?format=json","purl":"pkg:pypi/urllib3@1.26.18","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3ggh-4hy1-vqba"},{"vulnerability":"VCID-e4a3-66pj-uucr"},{"vulnerability":"VCID-f61g-8gxp-f3b4"},{"vulnerability":"VCID-jbr8-13ca-x7dw"},{"vulnerability":"VCID-unzp-bny3-kube"},{"vulnerability":"VCID-xq56-8p3c-87d5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/urllib3@1.26.18"},{"url":"http://public2.vulnerablecode.io/api/packages/49314?format=json","purl":"pkg:pypi/urllib3@2.0.0a1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3ggh-4hy1-vqba"},{"vulnerability":"VCID-e4a3-66pj-uucr"},{"vulnerability":"VCID-f61g-8gxp-f3b4"},{"vulnerability":"VCID-jbr8-13ca-x7dw"},{"vulnerability":"VCID-unzp-bny3-kube"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/urllib3@2.0.0a1"},{"url":"http://public2.vulnerablecode.io/api/packages/35468?format=json","purl":"pkg:pypi/urllib3@2.0.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3ggh-4hy1-vqba"},{"vulnerability":"VCID-e4a3-66pj-uucr"},{"vulnerability":"VCID-f61g-8gxp-f3b4"},{"vulnerability":"VCID-jbr8-13ca-x7dw"},{"vulnerability":"VCID-unzp-bny3-kube"},{"vulnerability":"VCID-xq56-8p3c-87d5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/urllib3@2.0.7"}],"aliases":["CVE-2023-45803","GHSA-g4mx-q9vg-27p4","PYSEC-2023-212"],"risk_score":1.9,"exploitability":"0.5","weighted_severity":"3.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q9qm-kzsk-bygp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7700?format=json","vulnerability_id":"VCID-x1ah-7bvf-ykbj","summary":"The urllib3 library before 1.24.2 for Python mishandles certain cases where the desired set of CA certificates is different from the OS store of CA certificates, which results in SSL connections succeeding in situations where a verification failure is the correct outcome. This is related to use of the ssl_context, ca_certs, or ca_certs_dir argument.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00039.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00039.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00041.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00041.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3335","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:3335"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3590","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:3590"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11324.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11324.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-11324","reference_id":"","reference_type":"","scores":[{"value":"0.01043","scoring_system":"epss","scoring_elements":"0.77761","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-11324"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/advisories/GHSA-mh33-7rrq-662w","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mh33-7rrq-662w"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/urllib3/PYSEC-2019-133.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/urllib3/PYSEC-2019-133.yaml"},{"reference_url":"https://github.com/urllib3/urllib3","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/urllib3/urllib3"},{"reference_url":"https://github.com/urllib3/urllib3/commit/1efadf43dc63317cd9eaa3e0fdb9e05ab07254b1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/urllib3/urllib3/commit/1efadf43dc63317cd9eaa3e0fdb9e05ab07254b1"},{"reference_url":"https://github.com/urllib3/urllib3/compare/a6ec68a...1efadf4","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/urllib3/urllib3/compare/a6ec68a...1efadf4"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2021/06/msg00015.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2021/06/msg00015.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/10/msg00012.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2023/10/msg00012.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NKGPJLVLVYCL4L4B4G5TIOTVK4BKPG72","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NKGPJLVLVYCL4L4B4G5TIOTVK4BKPG72"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NKGPJLVLVYCL4L4B4G5TIOTVK4BKPG72/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NKGPJLVLVYCL4L4B4G5TIOTVK4BKPG72/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XOSA2NT4DUQDBEIWE6O7KKD24XND7TE2","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XOSA2NT4DUQDBEIWE6O7KKD24XND7TE2"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XOSA2NT4DUQDBEIWE6O7KKD24XND7TE2/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XOSA2NT4DUQDBEIWE6O7KKD24XND7TE2/"},{"reference_url":"https://pypi.org/project/urllib3/1.24.2","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://pypi.org/project/urllib3/1.24.2"},{"reference_url":"https://usn.ubuntu.com/3990-1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/3990-1"},{"reference_url":"https://usn.ubuntu.com/3990-1/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3990-1/"},{"reference_url":"http://www.openwall.com/lists/oss-security/2019/04/19/1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2019/04/19/1"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1702473","reference_id":"1702473","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1702473"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927412","reference_id":"927412","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927412"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-11324","reference_id":"CVE-2019-11324","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-11324"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0850","reference_id":"RHSA-2020:0850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0850"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1605","reference_id":"RHSA-2020:1605","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1605"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1916","reference_id":"RHSA-2020:1916","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1916"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2068","reference_id":"RHSA-2020:2068","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2068"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/12076?format=json","purl":"pkg:pypi/urllib3@1.24.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3ggh-4hy1-vqba"},{"vulnerability":"VCID-e4a3-66pj-uucr"},{"vulnerability":"VCID-f61g-8gxp-f3b4"},{"vulnerability":"VCID-fjee-85c1-33cq"},{"vulnerability":"VCID-hqya-8m8q-8kbg"},{"vulnerability":"VCID-jbr8-13ca-x7dw"},{"vulnerability":"VCID-k6uc-8pxc-w7hk"},{"vulnerability":"VCID-q9qm-kzsk-bygp"},{"vulnerability":"VCID-unzp-bny3-kube"},{"vulnerability":"VCID-xq56-8p3c-87d5"},{"vulnerability":"VCID-ywe3-pb64-n3bu"},{"vulnerability":"VCID-zw1w-sbf6-rbeu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/urllib3@1.24.2"}],"aliases":["CVE-2019-11324","GHSA-mh33-7rrq-662w","PYSEC-2019-133"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x1ah-7bvf-ykbj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/258252?format=json","vulnerability_id":"VCID-xq56-8p3c-87d5","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-37891.json","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-37891.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-37891","reference_id":"","reference_type":"","scores":[{"value":"0.00222","scoring_system":"epss","scoring_elements":"0.44856","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-37891"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/urllib3/urllib3","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/urllib3/urllib3"},{"reference_url":"https://github.com/urllib3/urllib3/commit/40b6d1605814dd1db0a46e202d6e56f2e4c9a468","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/urllib3/urllib3/commit/40b6d1605814dd1db0a46e202d6e56f2e4c9a468"},{"reference_url":"https://github.com/urllib3/urllib3/commit/accff72ecc2f6cf5a76d9570198a93ac7c90270e","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-18T13:49:45Z/"}],"url":"https://github.com/urllib3/urllib3/commit/accff72ecc2f6cf5a76d9570198a93ac7c90270e"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2024/12/msg00020.html","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2024/12/msg00020.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240822-0003","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20240822-0003"},{"reference_url":"https://www.vicarius.io/vsociety/posts/proxy-authorization-header-handling-vulnerability-in-urllib3-cve-2024-37891","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.vicarius.io/vsociety/posts/proxy-authorization-header-handling-vulnerability-in-urllib3-cve-2024-37891"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074149","reference_id":"1074149","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074149"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2292788","reference_id":"2292788","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2292788"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-37891","reference_id":"CVE-2024-37891","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-37891"},{"reference_url":"https://github.com/advisories/GHSA-34jh-p97f-mpxf","reference_id":"GHSA-34jh-p97f-mpxf","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-34jh-p97f-mpxf"},{"reference_url":"https://github.com/urllib3/urllib3/security/advisories/GHSA-34jh-p97f-mpxf","reference_id":"GHSA-34jh-p97f-mpxf","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-18T13:49:45Z/"}],"url":"https://github.com/urllib3/urllib3/security/advisories/GHSA-34jh-p97f-mpxf"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4422","reference_id":"RHSA-2024:4422","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4422"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4730","reference_id":"RHSA-2024:4730","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4730"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4744","reference_id":"RHSA-2024:4744","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4744"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4746","reference_id":"RHSA-2024:4746","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4746"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5041","reference_id":"RHSA-2024:5041","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5041"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5258","reference_id":"RHSA-2024:5258","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5258"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5309","reference_id":"RHSA-2024:5309","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5309"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5526","reference_id":"RHSA-2024:5526","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5526"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5622","reference_id":"RHSA-2024:5622","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5622"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5627","reference_id":"RHSA-2024:5627","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5627"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5633","reference_id":"RHSA-2024:5633","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5633"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6162","reference_id":"RHSA-2024:6162","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6162"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6239","reference_id":"RHSA-2024:6239","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6239"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6240","reference_id":"RHSA-2024:6240","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6240"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6309","reference_id":"RHSA-2024:6309","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6309"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6310","reference_id":"RHSA-2024:6310","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6310"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6311","reference_id":"RHSA-2024:6311","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6311"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6358","reference_id":"RHSA-2024:6358","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6358"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7312","reference_id":"RHSA-2024:7312","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7312"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8035","reference_id":"RHSA-2024:8035","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8035"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8842","reference_id":"RHSA-2024:8842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8843","reference_id":"RHSA-2024:8843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8906","reference_id":"RHSA-2024:8906","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8906"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:9457","reference_id":"RHSA-2024:9457","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:9457"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:9458","reference_id":"RHSA-2024:9458","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:9458"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:9922","reference_id":"RHSA-2024:9922","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:9922"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:9923","reference_id":"RHSA-2024:9923","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:9923"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:9985","reference_id":"RHSA-2024:9985","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:9985"},{"reference_url":"https://usn.ubuntu.com/7084-1/","reference_id":"USN-7084-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7084-1/"},{"reference_url":"https://usn.ubuntu.com/7084-2/","reference_id":"USN-7084-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7084-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/49312?format=json","purl":"pkg:pypi/urllib3@1.26.19","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3ggh-4hy1-vqba"},{"vulnerability":"VCID-e4a3-66pj-uucr"},{"vulnerability":"VCID-f61g-8gxp-f3b4"},{"vulnerability":"VCID-jbr8-13ca-x7dw"},{"vulnerability":"VCID-unzp-bny3-kube"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/urllib3@1.26.19"},{"url":"http://public2.vulnerablecode.io/api/packages/49314?format=json","purl":"pkg:pypi/urllib3@2.0.0a1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3ggh-4hy1-vqba"},{"vulnerability":"VCID-e4a3-66pj-uucr"},{"vulnerability":"VCID-f61g-8gxp-f3b4"},{"vulnerability":"VCID-jbr8-13ca-x7dw"},{"vulnerability":"VCID-unzp-bny3-kube"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/urllib3@2.0.0a1"},{"url":"http://public2.vulnerablecode.io/api/packages/49321?format=json","purl":"pkg:pypi/urllib3@2.2.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3ggh-4hy1-vqba"},{"vulnerability":"VCID-e4a3-66pj-uucr"},{"vulnerability":"VCID-f61g-8gxp-f3b4"},{"vulnerability":"VCID-hncn-dh8m-fydg"},{"vulnerability":"VCID-jbr8-13ca-x7dw"},{"vulnerability":"VCID-unzp-bny3-kube"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/urllib3@2.2.2"}],"aliases":["CVE-2024-37891","GHSA-34jh-p97f-mpxf"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xq56-8p3c-87d5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/345488?format=json","vulnerability_id":"VCID-ywe3-pb64-n3bu","summary":"In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00039.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00039.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00041.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00041.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2272","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2272"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3335","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3335"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3590","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3590"},{"reference_url":"https://github.com/urllib3/urllib3/issues/1553","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/urllib3/urllib3/issues/1553"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/06/msg00016.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2019/06/msg00016.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NKGPJLVLVYCL4L4B4G5TIOTVK4BKPG72/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NKGPJLVLVYCL4L4B4G5TIOTVK4BKPG72/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R62XGEYPUTXMRHGX5I37EBCGQ5COHGKR/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R62XGEYPUTXMRHGX5I37EBCGQ5COHGKR/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TBI45HO533KYHNB5YRO43TBYKA3E3VRL/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TBI45HO533KYHNB5YRO43TBYKA3E3VRL/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XOSA2NT4DUQDBEIWE6O7KKD24XND7TE2/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XOSA2NT4DUQDBEIWE6O7KKD24XND7TE2/"},{"reference_url":"https://usn.ubuntu.com/3990-1/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3990-1/"},{"reference_url":"https://usn.ubuntu.com/3990-2/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3990-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/12077?format=json","purl":"pkg:pypi/urllib3@1.24.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3ggh-4hy1-vqba"},{"vulnerability":"VCID-e4a3-66pj-uucr"},{"vulnerability":"VCID-f61g-8gxp-f3b4"},{"vulnerability":"VCID-hqya-8m8q-8kbg"},{"vulnerability":"VCID-jbr8-13ca-x7dw"},{"vulnerability":"VCID-k6uc-8pxc-w7hk"},{"vulnerability":"VCID-q9qm-kzsk-bygp"},{"vulnerability":"VCID-unzp-bny3-kube"},{"vulnerability":"VCID-xq56-8p3c-87d5"},{"vulnerability":"VCID-zw1w-sbf6-rbeu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/urllib3@1.24.3"}],"aliases":["PYSEC-2019-62"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ywe3-pb64-n3bu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7981?format=json","vulnerability_id":"VCID-zw1w-sbf6-rbeu","summary":"urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). NOTE: this is similar to CVE-2020-26116.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-26137.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-26137.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-26137","reference_id":"","reference_type":"","scores":[{"value":"0.00279","scoring_system":"epss","scoring_elements":"0.5153","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-26137"},{"reference_url":"https://bugs.python.org/issue39603","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.python.org/issue39603"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/advisories/GHSA-wqvq-5m8c-6g24","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wqvq-5m8c-6g24"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/urllib3/PYSEC-2020-148.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/urllib3/PYSEC-2020-148.yaml"},{"reference_url":"https://github.com/urllib3/urllib3","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/urllib3/urllib3"},{"reference_url":"https://github.com/urllib3/urllib3/commit/1dd69c5c5982fae7c87a620d487c2ebf7a6b436b","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/urllib3/urllib3/commit/1dd69c5c5982fae7c87a620d487c2ebf7a6b436b"},{"reference_url":"https://github.com/urllib3/urllib3/pull/1800","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/urllib3/urllib3/pull/1800"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2021/06/msg00015.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2021/06/msg00015.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/10/msg00012.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2023/10/msg00012.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-26137","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-26137"},{"reference_url":"https://usn.ubuntu.com/4570-1","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/4570-1"},{"reference_url":"https://usn.ubuntu.com/4570-1/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4570-1/"},{"reference_url":"https://www.oracle.com/security-alerts/cpujul2022.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpujul2022.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuoct2021.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuoct2021.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1883632","reference_id":"1883632","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1883632"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4299","reference_id":"RHSA-2020:4299","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4299"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0034","reference_id":"RHSA-2021:0034","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0034"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0079","reference_id":"RHSA-2021:0079","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0079"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1631","reference_id":"RHSA-2021:1631","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1631"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1761","reference_id":"RHSA-2021:1761","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1761"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5235","reference_id":"RHSA-2022:5235","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5235"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/17175?format=json","purl":"pkg:pypi/urllib3@1.25.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3ggh-4hy1-vqba"},{"vulnerability":"VCID-e4a3-66pj-uucr"},{"vulnerability":"VCID-f61g-8gxp-f3b4"},{"vulnerability":"VCID-hqya-8m8q-8kbg"},{"vulnerability":"VCID-jbr8-13ca-x7dw"},{"vulnerability":"VCID-k6uc-8pxc-w7hk"},{"vulnerability":"VCID-q9qm-kzsk-bygp"},{"vulnerability":"VCID-unzp-bny3-kube"},{"vulnerability":"VCID-xq56-8p3c-87d5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/urllib3@1.25.9"}],"aliases":["CVE-2020-26137","GHSA-wqvq-5m8c-6g24","PYSEC-2020-148"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zw1w-sbf6-rbeu"}],"fixing_vulnerabilities":[],"risk_score":"4.5","resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/urllib3@1.18"}