CVE-2021-28363

Severity: High
Remote: Yes
Type: Certificate verification bypass
Description
The urllib3 library 1.26.x before 1.26.4 for Python omits SSL certificate validation in some cases involving HTTPS to HTTPS proxies. The initial connection to the HTTPS proxy (if an SSLContext isn't given via proxy_config) doesn't verify the hostname of the certificate. This means certificates for different servers that still validate properly with the default urllib3 SSLContext will be silently accepted.
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-1691 | python-urllib3, python2-urllib3 | 1.26.3-1 | 1.26.4-1 | High | Fixed | |
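As an added example (not code from urllib3 or from this tracker), the sketch below flags versions in the affected range given in the description and, on such a version, passes the proxy an explicit SSLContext with hostname checking enabled instead of relying on the default one. The helper names are hypothetical, and it assumes `urllib3.ProxyManager` accepts `proxy_ssl_context`, which it does in 1.26.x; upgrading to 1.26.4 remains the fix.

```python
import re
import ssl

# Affected range as stated in the description: 1.26.x before 1.26.4.
FIRST_AFFECTED = (1, 26, 0)
FIXED = (1, 26, 4)


def parse_version(version):
    """Return (major, minor, patch) from strings such as '1.26.3' or '1.26'."""
    match = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", version)
    if match is None:
        raise ValueError("unrecognised version string: %r" % version)
    return tuple(int(part or 0) for part in match.groups())


def is_affected(version):
    """True when the version falls inside the range named in the advisory."""
    return FIRST_AFFECTED <= parse_version(version) < FIXED


def strict_proxy_context():
    """TLS context for the proxy hop that checks both the chain and the hostname."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def proxy_manager(proxy_url):
    """Hypothetical helper: build a ProxyManager that verifies the proxy's hostname."""
    import urllib3  # imported here so the helpers above run without urllib3 installed

    if is_affected(urllib3.__version__):
        # Stopgap for an unpatched install: hand urllib3 our own context so the
        # proxy connection does not fall back to the default SSLContext path.
        return urllib3.ProxyManager(proxy_url, proxy_ssl_context=strict_proxy_context())
    return urllib3.ProxyManager(proxy_url)


if __name__ == "__main__":
    for candidate in ("1.25.11", "1.26.3", "1.26.4"):  # constructed sample versions
        print(candidate, "affected" if is_affected(candidate) else "not affected")
```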
References
https://github.com/urllib3/urllib3/security/advisories/GHSA-5phf-pp7p-vc2r
https://github.com/urllib3/urllib3/commit/8d65ea1ecf6e2cdc27d42124e587c1b83a3118b0