CVE-2025-50181 Information

Jun 20, 2025 cve

Description

urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0 it is possible to disable redirects for all requests by instantiating a PoolManager and specifying retries in a way that disable redirects. By default requests and botocore users are not affected. An application attempting to mitigate SSRF or open redirect vulnerabilities by disabling redirects at the PoolManager level will remain vulnerable. This issue has been patched in version 2.5.0.

Reference

https://github.com/urllib3/urllib3/commit/f05b1329126d5be6de501f9d1e3e36738bc08857 https://github.com/urllib3/urllib3/commit/f05b1329126d5be6de501f9d1e3e36738bc08857 https://github.com/urllib3/urllib3/security/advisories/GHSA-pq67-6m6q-mj2v https://github.com/urllib3/urllib3/security/advisories/GHSA-pq67-6m6q-mj2v urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0 it is possible to disable redirects for all requests by instantiating a PoolManager and specifying retries in a way that disable redirects. By default requests and botocore users are not affected. An application attempting to mitigate SSRF or open redirect vulnerabilities by disabling redirects at the PoolManager level will remain vulnerable. This issue has been patched in version 2.5.0.

CNNVD-202506-2561 (Published: 2025-06-19)

Share on:

CVE-2025-50181 Information

Description

Reference

Related CNNVD