python-urllib3
| Link | package | bugs open | bugs closed | Wiki | GitHub | web search |
| Description | HTTP library with thread-safe connection pooling and file post support |
| Version |
1.26.18-3 [extra-testing] 1.26.18-1 [extra] |
Resolved
| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-2038 | 1.26.4-2 | 1.26.5-1 | Medium | Fixed | |
| AVG-1691 | 1.26.3-1 | 1.26.4-1 | High | Fixed |
| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2021-33503 | AVG-2038 | Medium | Yes | Denial of service | A security issue has been found in python-urllib3 before version 1.26.5. When provided with a URL containing many @ characters in the authority component,... |
| CVE-2021-28363 | AVG-1691 | High | Yes | Certificate verification bypass | The urllib3 library 1.26.x before 1.26.4 for Python omits SSL certificate validation in some cases involving HTTPS to HTTPS proxies. The initial connection... |
Advisories
| Date | Advisory | Group | Severity | Type |
|---|---|---|---|---|
| 09 Jun 2021 | ASA-202106-25 | AVG-2038 | Medium | denial of service |