CVE-2025-50182

Medium CVSS: 5.3

urllib3 is a user-friendly HTTP client library for Python. Starting in version 2.2.0 and prior to 2.5.0, urllib3 does not control redirects in browsers and Node.js. urllib3 supports being used in a Pyodide runtime utilizing the JavaScript Fetch API or falling back on XMLHttpRequest. This means Python libraries can be used to make HTTP requests from a browser or Node.js. Additionally, urllib3 provides a mechanism to control redirects, but the retries and redirect parameters are ignored with Pyodide; the runtime itself determines redirect behavior. This issue has been patched in version 2.5.0.

Vendor

Python

Product

Urllib3

CWE

CWE-601

Yayın Tarihi

2025-06-19 02:15:17

Güncelleme

2025-12-22 19:15:49

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-601 Urllib3 MEDIUM Python 2025

Referanslar

https://github.com/urllib3/urllib3/commit/7eb4a2aafe49a279c29b6d1f0ed0f42e9736194f https://github.com/urllib3/urllib3/releases/tag/2.5.0 https://github.com/urllib3/urllib3/security/advisories/GHSA-48p4-8xcf-vxj5

Benzer Kayıtlar

Medium

CVE-2026-5271

pymanager included the current working directory in sys.path meaning modules could be shadowed by modules in the current…

Medium

CVE-2026-25645

Requests is a HTTP library. Prior to version 2.33.0, the `requests.utils.extract_zipped_paths()` utility function uses a…

High

CVE-2026-32274

Black is the uncompromising Python code formatter. Prior to 26.3.1, Black writes a cache file, the name of which is comp…

High

CVE-2026-31900

Black is the uncompromising Python code formatter. Black provides a GitHub action for formatting code. This action suppo…

High

CVE-2026-25990

Pillow is a Python imaging library. From 10.3.0 to before 12.1.1, n out-of-bounds write may be triggered when loading a…

Medium

CVE-2025-12781

When passing data to the b64decode(), standard_b64decode(), and urlsafe_b64decode() functions in the "base64" module the…