Information on source package python-urllib3

Available versions

Bug	jessie	stretch	buster	bullseye	bookworm	trixie	sid	Description
CVE-2024-37891	vulnerable (no DSA, postponed)	vulnerable (no DSA, postponed)	vulnerable (no DSA, postponed)	vulnerable (no DSA)	vulnerable (no DSA)	vulnerable	vulnerable	urllib3 is a user-friendly HTTP client library for Python. When using ...
CVE-2023-45803	fixed	fixed	fixed	vulnerable (no DSA)	vulnerable (no DSA)	fixed	fixed	urllib3 is a user-friendly HTTP client library for Python. urllib3 pre ...
CVE-2023-43804	fixed	fixed	fixed	vulnerable (no DSA)	vulnerable (no DSA)	fixed	fixed	urllib3 is a user-friendly HTTP client library for Python. urllib3 doe ...
CVE-2021-33503	vulnerable (no DSA, ignored)	fixed	fixed	fixed	fixed	fixed	fixed	An issue was discovered in urllib3 before 1.26.5. When provided with a ...
CVE-2020-26137	vulnerable (no DSA)	fixed	fixed	fixed	fixed	fixed	fixed	urllib3 before 1.25.9 allows CRLF injection if the attacker controls t ...

Bug	Description
CVE-2021-28363	The urllib3 library 1.26.x before 1.26.4 for Python omits SSL certific ...
CVE-2020-7212	The _encode_invalid_chars function in util/url.py in the urllib3 libra ...
CVE-2019-11324	The urllib3 library before 1.24.2 for Python mishandles certain cases ...
CVE-2019-11236	In the urllib3 library through 1.24.1 for Python, CRLF injection is po ...
CVE-2018-25091	urllib3 before 1.24.2 does not remove the authorization HTTP header wh ...
CVE-2018-20060	urllib3 before version 1.23 does not remove the Authorization HTTP hea ...
CVE-2016-9015	Versions 1.17 and 1.18 of the Python urllib3 library suffer from a vul ...
CVE-2013-2099	Algorithmic complexity vulnerability in the ssl.match_hostname functio ...

DSA / DLA	Description
ELA-1014-1	python-urllib3 - security update
DLA-3649-1	python-urllib3 - security update
DLA-3610-1	python-urllib3 - security update
DLA-2686-1	python-urllib3 - security update
DLA-1828-1	python-urllib3 - security update