CVE-2025-50181

Medium CVSS: 5.3

urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, it is possible to disable redirects for all requests by instantiating a PoolManager and specifying retries in a way that disable redirects. By default, requests and botocore users are not affected. An application attempting to mitigate SSRF or open redirect vulnerabilities by disabling redirects at the PoolManager level will remain vulnerable. This issue has been patched in version 2.5.0.

Vendor

Python

Product

Urllib3

CWE

CWE-601

Yayın Tarihi

2025-06-19 01:15:24

Güncelleme

2025-12-22 19:15:49

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-601 Urllib3 MEDIUM Python 2025

Referanslar

https://github.com/urllib3/urllib3/commit/f05b1329126d5be6de501f9d1e3e36738bc08857 https://github.com/urllib3/urllib3/releases/tag/2.5.0 https://github.com/urllib3/urllib3/security/advisories/GHSA-pq67-6m6q-mj2v

Benzer Kayıtlar

Medium

CVE-2026-25645

Requests is a HTTP library. Prior to version 2.33.0, the `requests.utils.extract_zipped_paths()` utility function uses a…

High

CVE-2026-32274

Black is the uncompromising Python code formatter. Prior to 26.3.1, Black writes a cache file, the name of which is comp…

High

CVE-2026-31900

Black is the uncompromising Python code formatter. Black provides a GitHub action for formatting code. This action suppo…

High

CVE-2026-25990

Pillow is a Python imaging library. From 10.3.0 to before 12.1.1, n out-of-bounds write may be triggered when loading a…

Medium

CVE-2025-12781

When passing data to the b64decode(), standard_b64decode(), and urlsafe_b64decode() functions in the "base64" module the…

High

CVE-2026-21441

urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HT…