CNNVD-202601-1138 Information

CNNVD ID

CNNVD-202601-1138

CVE-2026-21441

  • CNNVD Published: 2026-01-07

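Description (translated from Chinese)

urllib3 is an open-source Python HTTP library maintained by the urllib3 project. It provides thread-safe connection pooling, file post support, and other features. Versions of urllib3 before 2.6.3 contain a security vulnerability: when handling HTTP redirect responses, the amount of decompressed data is not limited, which may lead to excessive resource consumption.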

Description (English)

urllib3 is an open-source Python HTTP library from the urllib3 project. The product offers a thread-safe connection pool, file post support, and more. urllib3 versions prior to 2.6.3 have a security vulnerability caused by the lack of a limit on the volume of decompressed data when processing HTTP redirect responses, which may result in excessive resource consumption.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

urllib3

Published

2026-01-07

Last Modified

2026-02-24

References

https://github.com/urllib3/urllib3/commit/8864ac407bba8607950025e0979c4c69bc7abc7b

https://github.com/urllib3/urllib3/security/advisories/GHSA-38jv-5279-wg99

Patch

https://urllib3.readthedocs.io/en/stable/
