urllib3
Safeguard articles tagged "urllib3" — guides, analysis, and best practices for software supply chain and application security.
5 articles
urllib3 CA certificate verification bypass (CVE-2019-11324)
CVE-2019-11324 let urllib3 silently trust unintended CAs during custom certificate validation, undermining pinned-trust and mTLS setups.
urllib3 regular expression denial of service (CVE-2021-33503)
A deep dive into CVE-2021-33503, the urllib3 ReDoS flaw in Python's core HTTP library, its real-world exposure, and how to remediate it.
urllib3 cookie/auth header leak on cross-origin redirect (CVE-2023-43804)
CVE-2023-43804 lets urllib3 leak Cookie headers on cross-origin redirects. See affected versions, severity context, and how to remediate fast.
CVE-2021-33503: ReDoS in urllib3 URL authority parsing
CVE-2021-33503 exposes urllib3 before 1.26.5 to a ReDoS in URL authority parsing, letting attacker URLs exhaust CPU. What to patch and why.
CVE-2020-26137: CRLF injection in urllib3 header handling
CVE-2020-26137 let attackers inject CRLF sequences into urllib3-built HTTP requests. Here's the impact, affected versions, and how to remediate it.