Information on source package python-urllib3

Available versions

ReleaseVersion
stretch1.19.1-1
stretch (security)1.19.1-1+deb9u1
buster1.24.1-1
bullseye1.26.4-1
sid1.26.4-1

Open issues

BugstretchbusterbullseyesidDescription
CVE-2021-33503vulnerable (no DSA, ignored)vulnerable (no DSA)vulnerablevulnerableCatastrophic backtracking in URL authority parser when passed URL containing many @ characters
CVE-2020-26137fixedvulnerable (no DSA)fixedfixedurllib3 before 1.25.9 allows CRLF injection if the attacker controls t ...
CVE-2019-11324fixedvulnerable (no DSA)fixedfixedThe urllib3 library before 1.24.2 for Python mishandles certain cases ...
CVE-2019-11236fixedvulnerable (no DSA)fixedfixedIn the urllib3 library through 1.24.1 for Python, CRLF injection is po ...

Resolved issues

BugDescription
CVE-2021-28363The urllib3 library 1.26.x before 1.26.4 for Python omits SSL certific ...
CVE-2020-7212The _encode_invalid_chars function in util/url.py in the urllib3 libra ...
CVE-2018-20060urllib3 before version 1.23 does not remove the Authorization HTTP hea ...
CVE-2016-9015Versions 1.17 and 1.18 of the Python urllib3 library suffer from a vul ...
CVE-2013-2099Algorithmic complexity vulnerability in the ssl.match_hostname functio ...

Security announcements

DSA / DLADescription
DLA-2686-1python-urllib3 - security update
DLA-1828-1python-urllib3 - security update

Search for package or bug name: Reporting problems