urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the decompression chain was unbounded allowing a malicious server to insert a virtually unlimited number of compression steps leading to high CPU usage and massive memory allocation for the decompressed data. This vulnerability is fixed in 2.6.0.
oryginał ENCVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XPython Urllib3
APPPython1.24 – 2.6.0 (bez)
Powiązane podatności
urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redire...
urllib3 is an HTTP client library for Python. From 1.23 to before 2.7.0, cross-origin redirects followed from ...
urllib3 is an HTTP client library for Python. From 2.6.0 to before 2.7.0, urllib3 could decompress the whole r...
urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling o...
urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.0 and prior to 2.6.0, the Str...