VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-n7px-rq6v-aaaa

Essentials
Severities (141)
References (43)
Severity details (49)
Exploits (0)
EPSS
History (0)

Vulnerability ID	VCID-n7px-rq6v-aaaa
Aliases	CVE-2019-11324 GHSA-mh33-7rrq-662w PYSEC-2019-133 PYSEC-2019-63
Summary	The urllib3 library before 1.24.2 for Python mishandles certain cases where the desired set of CA certificates is different from the OS store of CA certificates, which results in SSL connections succeeding in situations where a verification failure is the correct outcome. This is related to use of the ssl_context, ca_certs, or ca_certs_dir argument.
Status	Published
Exploitability	0.5
Weighted Severity	8.0
Risk	4.0
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-295	Improper Certificate Validation
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
cvssv3.1	7.5	http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00039.html
generic_textual	HIGH	http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00039.html
cvssv3.1	7.5	http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00041.html
generic_textual	HIGH	http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00041.html
generic_textual	Medium	http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11324.html
cvssv3.1	7.5	https://access.redhat.com/errata/RHSA-2019:3335
generic_textual	HIGH	https://access.redhat.com/errata/RHSA-2019:3335
rhas	Moderate	https://access.redhat.com/errata/RHSA-2019:3335
cvssv3.1	7.5	https://access.redhat.com/errata/RHSA-2019:3590
generic_textual	HIGH	https://access.redhat.com/errata/RHSA-2019:3590
rhas	Moderate	https://access.redhat.com/errata/RHSA-2019:3590
rhas	Moderate	https://access.redhat.com/errata/RHSA-2020:0850
rhas	Moderate	https://access.redhat.com/errata/RHSA-2020:1605
rhas	Moderate	https://access.redhat.com/errata/RHSA-2020:1916
rhas	Moderate	https://access.redhat.com/errata/RHSA-2020:2068
cvssv3	7.5	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11324.json
epss	0.00480	https://api.first.org/data/v1/epss?cve=CVE-2019-11324
epss	0.00480	https://api.first.org/data/v1/epss?cve=CVE-2019-11324
epss	0.00480	https://api.first.org/data/v1/epss?cve=CVE-2019-11324
epss	0.00480	https://api.first.org/data/v1/epss?cve=CVE-2019-11324
epss	0.00680	https://api.first.org/data/v1/epss?cve=CVE-2019-11324
epss	0.00680	https://api.first.org/data/v1/epss?cve=CVE-2019-11324
epss	0.00680	https://api.first.org/data/v1/epss?cve=CVE-2019-11324
epss	0.00680	https://api.first.org/data/v1/epss?cve=CVE-2019-11324
epss	0.00680	https://api.first.org/data/v1/epss?cve=CVE-2019-11324
epss	0.00680	https://api.first.org/data/v1/epss?cve=CVE-2019-11324
epss	0.00680	https://api.first.org/data/v1/epss?cve=CVE-2019-11324
epss	0.00680	https://api.first.org/data/v1/epss?cve=CVE-2019-11324
epss	0.00680	https://api.first.org/data/v1/epss?cve=CVE-2019-11324
epss	0.00680	https://api.first.org/data/v1/epss?cve=CVE-2019-11324
epss	0.00680	https://api.first.org/data/v1/epss?cve=CVE-2019-11324
epss	0.01379	https://api.first.org/data/v1/epss?cve=CVE-2019-11324
epss	0.01379	https://api.first.org/data/v1/epss?cve=CVE-2019-11324
epss	0.01379	https://api.first.org/data/v1/epss?cve=CVE-2019-11324
epss	0.01379	https://api.first.org/data/v1/epss?cve=CVE-2019-11324
epss	0.01379	https://api.first.org/data/v1/epss?cve=CVE-2019-11324
epss	0.01379	https://api.first.org/data/v1/epss?cve=CVE-2019-11324
epss	0.01379	https://api.first.org/data/v1/epss?cve=CVE-2019-11324
epss	0.01379	https://api.first.org/data/v1/epss?cve=CVE-2019-11324
epss	0.01379	https://api.first.org/data/v1/epss?cve=CVE-2019-11324
epss	0.01379	https://api.first.org/data/v1/epss?cve=CVE-2019-11324
epss	0.01379	https://api.first.org/data/v1/epss?cve=CVE-2019-11324
epss	0.01379	https://api.first.org/data/v1/epss?cve=CVE-2019-11324
epss	0.01379	https://api.first.org/data/v1/epss?cve=CVE-2019-11324
epss	0.01379	https://api.first.org/data/v1/epss?cve=CVE-2019-11324
epss	0.01379	https://api.first.org/data/v1/epss?cve=CVE-2019-11324
epss	0.01379	https://api.first.org/data/v1/epss?cve=CVE-2019-11324
epss	0.01379	https://api.first.org/data/v1/epss?cve=CVE-2019-11324
epss	0.01379	https://api.first.org/data/v1/epss?cve=CVE-2019-11324
epss	0.01379	https://api.first.org/data/v1/epss?cve=CVE-2019-11324
epss	0.01379	https://api.first.org/data/v1/epss?cve=CVE-2019-11324
epss	0.01379	https://api.first.org/data/v1/epss?cve=CVE-2019-11324
epss	0.01379	https://api.first.org/data/v1/epss?cve=CVE-2019-11324
epss	0.01379	https://api.first.org/data/v1/epss?cve=CVE-2019-11324
epss	0.01379	https://api.first.org/data/v1/epss?cve=CVE-2019-11324
epss	0.01379	https://api.first.org/data/v1/epss?cve=CVE-2019-11324
epss	0.01379	https://api.first.org/data/v1/epss?cve=CVE-2019-11324
epss	0.01379	https://api.first.org/data/v1/epss?cve=CVE-2019-11324
epss	0.01379	https://api.first.org/data/v1/epss?cve=CVE-2019-11324
epss	0.01379	https://api.first.org/data/v1/epss?cve=CVE-2019-11324
epss	0.01379	https://api.first.org/data/v1/epss?cve=CVE-2019-11324
epss	0.01379	https://api.first.org/data/v1/epss?cve=CVE-2019-11324
epss	0.01379	https://api.first.org/data/v1/epss?cve=CVE-2019-11324
epss	0.01379	https://api.first.org/data/v1/epss?cve=CVE-2019-11324
epss	0.01379	https://api.first.org/data/v1/epss?cve=CVE-2019-11324
epss	0.01379	https://api.first.org/data/v1/epss?cve=CVE-2019-11324
epss	0.01379	https://api.first.org/data/v1/epss?cve=CVE-2019-11324
epss	0.01379	https://api.first.org/data/v1/epss?cve=CVE-2019-11324
epss	0.01379	https://api.first.org/data/v1/epss?cve=CVE-2019-11324
epss	0.01379	https://api.first.org/data/v1/epss?cve=CVE-2019-11324
epss	0.01379	https://api.first.org/data/v1/epss?cve=CVE-2019-11324
epss	0.01379	https://api.first.org/data/v1/epss?cve=CVE-2019-11324
epss	0.01379	https://api.first.org/data/v1/epss?cve=CVE-2019-11324
epss	0.01379	https://api.first.org/data/v1/epss?cve=CVE-2019-11324
epss	0.01379	https://api.first.org/data/v1/epss?cve=CVE-2019-11324
epss	0.01379	https://api.first.org/data/v1/epss?cve=CVE-2019-11324
epss	0.01379	https://api.first.org/data/v1/epss?cve=CVE-2019-11324
epss	0.01379	https://api.first.org/data/v1/epss?cve=CVE-2019-11324
epss	0.01379	https://api.first.org/data/v1/epss?cve=CVE-2019-11324
epss	0.01379	https://api.first.org/data/v1/epss?cve=CVE-2019-11324
epss	0.01379	https://api.first.org/data/v1/epss?cve=CVE-2019-11324
epss	0.01379	https://api.first.org/data/v1/epss?cve=CVE-2019-11324
epss	0.01379	https://api.first.org/data/v1/epss?cve=CVE-2019-11324
epss	0.01379	https://api.first.org/data/v1/epss?cve=CVE-2019-11324
epss	0.01379	https://api.first.org/data/v1/epss?cve=CVE-2019-11324
epss	0.01379	https://api.first.org/data/v1/epss?cve=CVE-2019-11324
epss	0.01379	https://api.first.org/data/v1/epss?cve=CVE-2019-11324
epss	0.01379	https://api.first.org/data/v1/epss?cve=CVE-2019-11324
epss	0.01379	https://api.first.org/data/v1/epss?cve=CVE-2019-11324
epss	0.01379	https://api.first.org/data/v1/epss?cve=CVE-2019-11324
epss	0.01379	https://api.first.org/data/v1/epss?cve=CVE-2019-11324
epss	0.01379	https://api.first.org/data/v1/epss?cve=CVE-2019-11324
epss	0.01379	https://api.first.org/data/v1/epss?cve=CVE-2019-11324
epss	0.01379	https://api.first.org/data/v1/epss?cve=CVE-2019-11324
epss	0.01379	https://api.first.org/data/v1/epss?cve=CVE-2019-11324
epss	0.01417	https://api.first.org/data/v1/epss?cve=CVE-2019-11324
epss	0.01417	https://api.first.org/data/v1/epss?cve=CVE-2019-11324
epss	0.01417	https://api.first.org/data/v1/epss?cve=CVE-2019-11324
epss	0.01417	https://api.first.org/data/v1/epss?cve=CVE-2019-11324
epss	0.01417	https://api.first.org/data/v1/epss?cve=CVE-2019-11324
epss	0.01417	https://api.first.org/data/v1/epss?cve=CVE-2019-11324
epss	0.03846	https://api.first.org/data/v1/epss?cve=CVE-2019-11324
generic_textual	Medium	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11324
cvssv3	4	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1	7.5	https://github.com/advisories/GHSA-mh33-7rrq-662w
cvssv3.1_qr	HIGH	https://github.com/advisories/GHSA-mh33-7rrq-662w
generic_textual	HIGH	https://github.com/advisories/GHSA-mh33-7rrq-662w
cvssv3.1	7.5	https://github.com/pypa/advisory-database/tree/main/vulns/urllib3/PYSEC-2019-133.yaml
generic_textual	HIGH	https://github.com/pypa/advisory-database/tree/main/vulns/urllib3/PYSEC-2019-133.yaml
cvssv3.1	4.4	https://github.com/urllib3/urllib3
cvssv3.1	7.5	https://github.com/urllib3/urllib3
generic_textual	HIGH	https://github.com/urllib3/urllib3
generic_textual	MODERATE	https://github.com/urllib3/urllib3
cvssv3.1	7.5	https://github.com/urllib3/urllib3/commit/1efadf43dc63317cd9eaa3e0fdb9e05ab07254b1
generic_textual	HIGH	https://github.com/urllib3/urllib3/commit/1efadf43dc63317cd9eaa3e0fdb9e05ab07254b1
cvssv3.1	7.5	https://github.com/urllib3/urllib3/compare/a6ec68a...1efadf4
generic_textual	HIGH	https://github.com/urllib3/urllib3/compare/a6ec68a...1efadf4
cvssv3.1	6.5	https://lists.debian.org/debian-lts-announce/2021/06/msg00015.html
cvssv3.1	7.5	https://lists.debian.org/debian-lts-announce/2021/06/msg00015.html
generic_textual	HIGH	https://lists.debian.org/debian-lts-announce/2021/06/msg00015.html
generic_textual	MODERATE	https://lists.debian.org/debian-lts-announce/2021/06/msg00015.html
cvssv3.1	5.9	https://lists.debian.org/debian-lts-announce/2023/10/msg00012.html
cvssv3.1	7.5	https://lists.debian.org/debian-lts-announce/2023/10/msg00012.html
generic_textual	HIGH	https://lists.debian.org/debian-lts-announce/2023/10/msg00012.html
generic_textual	MODERATE	https://lists.debian.org/debian-lts-announce/2023/10/msg00012.html
cvssv3.1	7.5	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NKGPJLVLVYCL4L4B4G5TIOTVK4BKPG72
generic_textual	HIGH	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NKGPJLVLVYCL4L4B4G5TIOTVK4BKPG72
cvssv3.1	7.5	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XOSA2NT4DUQDBEIWE6O7KKD24XND7TE2
generic_textual	HIGH	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XOSA2NT4DUQDBEIWE6O7KKD24XND7TE2
cvssv2	5.0	https://nvd.nist.gov/vuln/detail/CVE-2019-11324
cvssv3	7.5	https://nvd.nist.gov/vuln/detail/CVE-2019-11324
cvssv3.1	7.5	https://nvd.nist.gov/vuln/detail/CVE-2019-11324
generic_textual	HIGH	https://nvd.nist.gov/vuln/detail/CVE-2019-11324
cvssv3.1	7.5	https://pypi.org/project/urllib3/1.24.2
generic_textual	HIGH	https://pypi.org/project/urllib3/1.24.2
generic_textual	Medium	https://ubuntu.com/security/notices/USN-3990-1
cvssv3.1	7.5	https://usn.ubuntu.com/3990-1
generic_textual	HIGH	https://usn.ubuntu.com/3990-1
generic_textual	Medium	https://www.openwall.com/lists/oss-security/2019/04/17/3
cvssv3.1	7.5	http://www.openwall.com/lists/oss-security/2019/04/19/1
generic_textual	HIGH	http://www.openwall.com/lists/oss-security/2019/04/19/1

Reference id	Reference type	URL
		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11324
		http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00039.html
		http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00041.html
		http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11324.html
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11324.json
		https://api.first.org/data/v1/epss?cve=CVE-2019-11324
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11324
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
		https://github.com/pypa/advisory-database/tree/main/vulns/urllib3/PYSEC-2019-133.yaml
		https://github.com/urllib3/urllib3
		https://github.com/urllib3/urllib3/commit/1efadf43dc63317cd9eaa3e0fdb9e05ab07254b1
		https://github.com/urllib3/urllib3/compare/a6ec68a...1efadf4
		https://lists.debian.org/debian-lts-announce/2021/06/msg00015.html
		https://lists.debian.org/debian-lts-announce/2023/10/msg00012.html
		https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NKGPJLVLVYCL4L4B4G5TIOTVK4BKPG72/
		https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XOSA2NT4DUQDBEIWE6O7KKD24XND7TE2/
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NKGPJLVLVYCL4L4B4G5TIOTVK4BKPG72
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NKGPJLVLVYCL4L4B4G5TIOTVK4BKPG72/
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XOSA2NT4DUQDBEIWE6O7KKD24XND7TE2
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XOSA2NT4DUQDBEIWE6O7KKD24XND7TE2/
		https://pypi.org/project/urllib3/1.24.2
		https://pypi.org/project/urllib3/1.24.2/
		https://ubuntu.com/security/notices/USN-3990-1
		https://usn.ubuntu.com/3990-1
		https://usn.ubuntu.com/3990-1/
		https://www.openwall.com/lists/oss-security/2019/04/17/3
		https://www.openwall.com/lists/oss-security/2019/04/19/1
		http://www.openwall.com/lists/oss-security/2019/04/19/1
927412		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927412
cpe:2.3:a:python:urllib3::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:urllib3::::::::
cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*
cpe:2.3:o:canonical:ubuntu_linux:19.04:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:19.04:::::::*
CVE-2019-11324		https://nvd.nist.gov/vuln/detail/CVE-2019-11324
GHSA-mh33-7rrq-662w		https://github.com/advisories/GHSA-mh33-7rrq-662w
RHBA-2020:2785		https://bugzilla.redhat.com/show_bug.cgi?id=1702473
RHSA-2019:3335		https://access.redhat.com/errata/RHSA-2019:3335
RHSA-2019:3590		https://access.redhat.com/errata/RHSA-2019:3590
RHSA-2020:0850		https://access.redhat.com/errata/RHSA-2020:0850
RHSA-2020:1605		https://access.redhat.com/errata/RHSA-2020:1605
RHSA-2020:1916		https://access.redhat.com/errata/RHSA-2020:1916
RHSA-2020:2068		https://access.redhat.com/errata/RHSA-2020:2068

No exploits are available.

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00039.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00041.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://access.redhat.com/errata/RHSA-2019:3335

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://access.redhat.com/errata/RHSA-2019:3590

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11324.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://github.com/advisories/GHSA-mh33-7rrq-662w

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://github.com/pypa/advisory-database/tree/main/vulns/urllib3/PYSEC-2019-133.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/urllib3/urllib3

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://github.com/urllib3/urllib3

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://github.com/urllib3/urllib3/commit/1efadf43dc63317cd9eaa3e0fdb9e05ab07254b1

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://github.com/urllib3/urllib3/compare/a6ec68a...1efadf4

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Found at https://lists.debian.org/debian-lts-announce/2021/06/msg00015.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://lists.debian.org/debian-lts-announce/2021/06/msg00015.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N Found at https://lists.debian.org/debian-lts-announce/2023/10/msg00012.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://lists.debian.org/debian-lts-announce/2023/10/msg00012.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NKGPJLVLVYCL4L4B4G5TIOTVK4BKPG72

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XOSA2NT4DUQDBEIWE6O7KKD24XND7TE2

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2019-11324

Exploitability (E)	Access Vector (AV)	Access Complexity (AC)	Authentication (Au)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
high functional unproven proof_of_concept not_defined	local adjacent_network network	high medium low	multiple single none	none partial complete	none partial complete	none partial complete

Exploitability (E)

Access Vector (AV)

Access Complexity (AC)

Authentication (Au)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

partial

complete

none

partial

complete

none

partial

complete

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2019-11324

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2019-11324

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://pypi.org/project/urllib3/1.24.2

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://usn.ubuntu.com/3990-1

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at http://www.openwall.com/lists/oss-security/2019/04/19/1

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.75535
EPSS Score	0.00480
Published At	Dec. 17, 2024, midnight

Date	Actor	Action	Source	VulnerableCode Version
There are no relevant records.