To report a security vulnerability, please use the Tidelift security contact. Tidelift will coordinate the fix and disclosure with maintainers.
Security: urllib3/urllib3
Security
.github/SECURITY.md
-
Proxy-Authorization request header isn't stripped during cross-origin redirectsGHSA-34jh-p97f-mpxf published
Jun 17, 2024 by sethmlarsonModerate -
Request body not stripped after redirect from 303 status changes request method to GETGHSA-g4mx-q9vg-27p4 published
Oct 17, 2023 by sethmlarsonModerate -
Cookie request header isn't stripped during cross-origin redirectsGHSA-v845-jxx5-vc9f published
Oct 2, 2023 by sethmlarsonModerate -
Catastrophic backtracking in URL authority parser when passed URL containing many @ charactersGHSA-q2q7-5pp4-w6pg published
May 26, 2021 by sethmlarsonModerate -
Using default SSLContext for HTTPS requests in an HTTPS proxy doesn't verify certificate hostname for proxy connectionGHSA-5phf-pp7p-vc2r published
Mar 15, 2021 by sethmlarsonHigh
Learn more about advisories related to urllib3/urllib3 in the GitHub Advisory Database