CNNVD-202506-2561 Information
CNNVD ID
CNNVD-202506-2561
Related CVE
- CNNVD Published: 2025-06-19
Description (Chinese)
urllib3是urllib3开源的一款Python HTTP库。该产品具有线程安全连接池、文件发布支持等。 urllib3 2.5.0之前版本存在输入验证错误漏洞,该漏洞源于禁用重定向的配置方式无法有效防止SSRF或开放重定向漏洞。
Description (English)
urllib3 is a Python HTTP library of the open source of urllib3. The product has a linear secure connection pool, document release support, etc. Pre-urllib3 2.5.0 has an input authentication error loophole, which stems from the fact that a re-direction configuration is not effective in preventing or opening a re-direction gap.
Hazard Level
High
Vulnerability Type
输入验证错误
Affected Vendor
urllib3
Published
2025-06-19
Last Modified
2026-02-24
References
https://github.com/urllib3/urllib3/commit/f05b1329126d5be6de501f9d1e3e36738bc08857 https://github.com/urllib3/urllib3/security/advisories/GHSA-pq67-6m6q-mj2v https://www.oracle.com/security-alerts/cpuoct2025.html
Patch
https://github.com/urllib3/urllib3/releases
Share on: