python-urllib3
Link | package | bugs open | bugs closed | Wiki | GitHub | web search |
Description | HTTP library with thread-safe connection pooling and file post support |
Version |
1.26.20-4 [extra-testing] 1.26.20-3 [extra] |
Resolved
Group | Affected | Fixed | Severity | Status | Ticket |
---|---|---|---|---|---|
AVG-2038 | 1.26.4-2 | 1.26.5-1 | Medium | Fixed | |
AVG-1691 | 1.26.3-1 | 1.26.4-1 | High | Fixed |
Issue | Group | Severity | Remote | Type | Description |
---|---|---|---|---|---|
CVE-2021-33503 | AVG-2038 | Medium | Yes | Denial of service | A security issue has been found in python-urllib3 before version 1.26.5. When provided with a URL containing many @ characters in the authority component,... |
CVE-2021-28363 | AVG-1691 | High | Yes | Certificate verification bypass | The urllib3 library 1.26.x before 1.26.4 for Python omits SSL certificate validation in some cases involving HTTPS to HTTPS proxies. The initial connection... |
Advisories
Date | Advisory | Group | Severity | Type |
---|---|---|---|---|
09 Jun 2021 | ASA-202106-25 | AVG-2038 | Medium | denial of service |