pkg:PyPI/urllib3

32 CVEs in total: CRITICAL 2, HIGH 11, MEDIUM 17, LOW 2

All known vulnerabilities

  • CRITICAL 9.8 CVE-2018-20060 python-urllib3 - security update
    from 0, < 1.23
  • CRITICAL 9.8 CVE-2018-20060 python-urllib3 - security update
    from 0, < 1.23
  • HIGH 7.5 CVE-2026-44432 urllib3: Decompression-bomb safeguards bypassed in parts of the streaming API
    >= 2.6.0, < 2.7.0
  • HIGH 7.5 CVE-2026-44432 urllib3: Decompression-bomb safeguards bypassed in parts of the streaming API
    >= 2.6.0, < 2.7.0
  • HIGH 7.5 CVE-2026-21441 Decompression-bomb safeguards bypassed when following HTTP redirects (streaming API)
    >= 1.22, < 2.6.3
  • HIGH 7.5 CVE-2025-66471 urllib3 streaming API improperly handles highly compressed data
    >= 1.0, < 2.6.0
  • HIGH 7.5 CVE-2025-66418 urllib3 allows an unbounded number of links in the decompression chain
    >= 1.24, < 2.6.0
  • HIGH 7.5 CVE-2021-33503 Catastrophic backtracking in URL authority parser when passed URL containing many @ characters
    from 0, < 2d4a3fee6de2fa45eb82169361918f759269b4ec | from 0, < 1.26.5
  • HIGH 7.5 CVE-2021-33503 Catastrophic backtracking in URL authority parser when passed URL containing many @ characters
    >= 1.25.4, < 1.26.5
  • HIGH 7.5 CVE-2020-7212 Uncontrolled Resource Consumption in urllib3
    >= 1.25.2, < 1.25.8
  • HIGH 7.5 CVE-2020-7212 Uncontrolled Resource Consumption in urllib3
    from 0, < a74c9cfbaed9f811e7563cfc3dce894928e0221a | >= 1.25.2, < 1.25.8
  • HIGH 7.5 CVE-2019-11324 Improper Certificate Validation in urllib3
    from 0, < 1.24.2
  • HIGH 7.5 CVE-2019-11324 Improper Certificate Validation in urllib3
    from 0, < 1.24.2
  • MEDIUM 6.5 CVE-2020-26137 CRLF injection in urllib3
    from 0, < 1dd69c5c5982fae7c87a620d487c2ebf7a6b436b | from 0, < 1.25.9
  • MEDIUM 6.5 CVE-2020-26137 CRLF injection in urllib3
    from 0, < 1.25.9
  • MEDIUM 6.5 CVE-2021-28363 Using default SSLContext for HTTPS requests in an HTTPS proxy doesn't verify certificate hostname for proxy connection
    from 0, < 8d65ea1ecf6e2cdc27d42124e587c1b83a3118b0 | >= 1.26.0, < 1.26.4
  • MEDIUM 6.5 CVE-2021-28363 Using default SSLContext for HTTPS requests in an HTTPS proxy doesn't verify certificate hostname for proxy connection
    >= 1.26.0, < 1.26.4
  • MEDIUM 6.1 CVE-2018-25091 python-urllib3 - security update
    from 0, < 1.24.2
  • MEDIUM 6.1 CVE-2018-25091 python-urllib3 - security update
    from 0, < adb358f8e06865406d1f05e581a16cbea2136fbc | from 0, < 1.24.2
  • MEDIUM 6.1 CVE-2019-11236 python-urllib3 - security update
    from 0, < 1.24.3
  • MEDIUM 6.1 CVE-2019-11236 python-urllib3 - security update
    from 0, < 1.24.3
  • MEDIUM 5.9 CVE-2023-43804 `Cookie` HTTP header isn't stripped on cross-origin redirects
    >= 2.0.0, < 2.0.6
  • MEDIUM 5.9 CVE-2023-43804 `Cookie` HTTP header isn't stripped on cross-origin redirects
    from 0, < 644124ecd0b6e417c527191f866daa05a5a2056d, < 01220354d389cd05474713f8c982d05c9b17aafb | >= 2.0.0, < 2.0.6, from 0, < 1.26.17
  • MEDIUM 5.3 CVE-2026-44431 urllib3: Sensitive headers forwarded across origins in proxied low-level redirects
    >= 1.23, < 2.7.0
  • MEDIUM 5.3 CVE-2026-44431 urllib3: Sensitive headers forwarded across origins in proxied low-level redirects
    >= 1.23, < 2.7.0
  • MEDIUM 5.3 CVE-2025-50182 urllib3 does not control redirects in browsers and Node.js
    >= 2.2.0, < 2.5.0
  • MEDIUM 5.3 CVE-2025-50181 urllib3 redirects are not disabled when retries are disabled on PoolManager instantiation
    from 0, < 2.5.0
  • MEDIUM 4.4 CVE-2024-37891 urllib3's Proxy-Authorization request header isn't stripped during cross-origin redirects
    from 0, < 1.26.19
  • MEDIUM 4.2 CVE-2023-45803 urllib3's request body not stripped after redirect from 303 status changes request method to GET
    from 0, < 4e98d57809dacab1cbe625fddeec1a290c478ea9 | >= 2.0.0, < 2.0.7, from 0, < 1.26.18
  • MEDIUM 4.2 CVE-2023-45803 urllib3's request body not stripped after redirect from 303 status changes request method to GET
    >= 2.0.0, < 2.0.7
  • LOW 3.7 CVE-2016-9015 Urllib3 Incorrect Certificate Validation
    >= 1.17, < 1.18.1
  • LOW 3.7 CVE-2016-9015 Urllib3 Incorrect Certificate Validation
    >= 1.17, < 1.18.1