Search CVE reports
1 – 10 of 20 results
urllib3 is an HTTP client library for Python. From 2.6.0 to before 2.7.0, urllib3 could decompress the whole response instead of the requested portion (1) during the second HTTPResponse.read(amt=N) call when the response was...
2 affected packages
python-urllib3, python-pip
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| python-urllib3 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| python-pip | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
urllib3 is an HTTP client library for Python. From 1.23 to before 2.7.0, cross-origin redirects followed from the low-level API via ProxyManager.connection_from_url().urlopen(..., assert_same_host=False) still forward these...
2 affected packages
python-urllib3, python-pip
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| python-urllib3 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| python-pip | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
Some fixes available 6 of 13
urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at...
2 affected packages
python-urllib3, python-pip
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| python-urllib3 | Not affected | Fixed | Fixed | Fixed | Ignored |
| python-pip | Vulnerable | Vulnerable | Vulnerable | Fixed | Ignored |
Some fixes available 4 of 18
urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.0 and prior to 2.6.0, the Streaming API improperly handles highly compressed data. urllib3's streaming API is designed for the efficient handling of...
2 affected packages
python-urllib3, python-pip
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| python-urllib3 | Fixed | Fixed | Ignored | Ignored | Ignored |
| python-pip | Vulnerable | Vulnerable | Ignored | Ignored | Ignored |
Some fixes available 7 of 12
urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the decompression chain was unbounded allowing a malicious server to insert a virtually unlimited...
2 affected packages
python-urllib3, python-pip
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| python-urllib3 | Fixed | Fixed | Fixed | Fixed | Not affected |
| python-pip | Vulnerable | Vulnerable | Vulnerable | Fixed | Not affected |
urllib3 is a user-friendly HTTP client library for Python. Starting in version 2.2.0 and prior to 2.5.0, urllib3 does not control redirects in browsers and Node.js. urllib3 supports being used in a Pyodide runtime utilizing the...
2 affected packages
python-pip, python-urllib3
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| python-pip | — | Not affected | Not affected | Not affected | Not affected |
| python-urllib3 | — | Not affected | Not affected | Not affected | Not affected |
urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, it is possible to disable redirects for all requests by instantiating a PoolManager and specifying retries in a way that disable redirects. By default,...
2 affected packages
python-pip, python-urllib3
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| python-pip | — | Fixed | Fixed | Not affected | Not affected |
| python-urllib3 | — | Fixed | Fixed | Fixed | Fixed |
Some fixes available 12 of 16
urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with `ProxyManager`, the `Proxy-Authorization` header is only sent to the configured proxy, as expected. However, when sending HTTP...
2 affected packages
python-pip, python-urllib3
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| python-pip | Not affected | Fixed | Fixed | Fixed | Fixed |
| python-urllib3 | Not affected | Fixed | Fixed | Fixed | Fixed |
Some fixes available 13 of 16
urllib3 is a user-friendly HTTP client library for Python. urllib3 previously wouldn't remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303 after the request had its method changed from one...
2 affected packages
python-pip, python-urllib3
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| python-pip | Not affected | Fixed | Fixed | Fixed | Fixed |
| python-urllib3 | Not affected | Not affected | Fixed | Fixed | Fixed |
Some fixes available 4 of 7
urllib3 before 1.24.2 does not remove the authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the authorization header to be...
2 affected packages
python-urllib3, python-pip
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| python-urllib3 | Not affected | Not affected | Not affected | Not affected | Fixed |
| python-pip | Not affected | Not affected | Not affected | Not affected | Fixed |