CNNVD-202512-668 Information
CNNVD ID
CNNVD-202512-668
Related CVE
-
CNNVD Published: 2025-12-05
Description
urllib3 is an open-source Python HTTP library from the urllib3 project. It provides thread-safe connection pooling, file post support, and more. urllib3 versions from 1.0 up to, but not including, 2.6.0 contain a security vulnerability caused by improper handling of highly compressed data in the Streaming API, which can lead to excessive resource consumption.
Hazard Level
Medium
Vulnerability Type
Other
Affected Vendor
urllib3
Published
2025-12-05
Last Modified
2026-02-24
References
https://github.com/urllib3/urllib3/security/advisories/GHSA-2xpw-w6gg-jr37
https://github.com/urllib3/urllib3/commit/c19571de34c47de3a766541b041637ba5f716ed7
https://vigilance.fr/vulnerability/urllib3-overload-via-Streaming-API-Compressed-Response-49077
https://access.redhat.com/security/cve/cve-2025-66471
Patch
https://github.com/urllib3/urllib3/releases