python-urllib3

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description HTTP library with thread-safe connection pooling and file post support
Version 1.26.20-3 [extra]

Resolved

Group Affected Fixed Severity Status Ticket
AVG-2038 1.26.4-2 1.26.5-1 Medium Fixed
AVG-1691 1.26.3-1 1.26.4-1 High Fixed
Issue Group Severity Remote Type Description
CVE-2021-33503 AVG-2038 Medium Yes Denial of service
A security issue has been found in python-urllib3 before version 1.26.5. When provided with a URL containing many @ characters in the authority component,...
CVE-2021-28363 AVG-1691 High Yes Certificate verification bypass
The urllib3 library 1.26.x before 1.26.4 for Python omits SSL certificate validation in some cases involving HTTPS to HTTPS proxies. The initial connection...

Advisories

Date Advisory Group Severity Type
09 Jun 2021 ASA-202106-25 AVG-2038 Medium denial of service