VulnerableCode Vulnerability Details - VCID-g2rg-h4rq-jyhk

Search for vulnerabilities

Vulnerability details: VCID-g2rg-h4rq-jyhk

Essentials
Severities (0)
References (8)
Severity details (0)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-g2rg-h4rq-jyhk
Aliases	PYSEC-2019-63
Summary	The urllib3 library before 1.24.2 for Python mishandles certain cases where the desired set of CA certificates is different from the OS store of CA certificates, which results in SSL connections succeeding in situations where a verification failure is the correct outcome. This is related to use of the ssl_context, ca_certs, or ca_certs_dir argument.
Status	Published
Exploitability	None
Weighted Severity	None
Risk	None
Affected and Fixed Packages	Package Details

Weaknesses (0)

There are no known CWE.

System	Score	Found at
There are no known severity scores.

Reference id	Reference type	URL
		http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00039.html
		http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00041.html
		https://access.redhat.com/errata/RHSA-2019:3335
		https://access.redhat.com/errata/RHSA-2019:3590
		https://github.com/urllib3/urllib3/compare/a6ec68a...1efadf4
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NKGPJLVLVYCL4L4B4G5TIOTVK4BKPG72/
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XOSA2NT4DUQDBEIWE6O7KKD24XND7TE2/
		http://www.openwall.com/lists/oss-security/2019/04/19/1

No exploits are available.

There are no known vectors.

No EPSS data available for this vulnerability.

Date	Actor	Action	Source	VulnerableCode Version
2025-07-01T14:55:34.884229+00:00	PyPI Importer	Import	https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip	36.1.3