Synopsis:
python-urllib3 security update
Summary:
An update for python-urllib3 is now available for openEuler-24.03-LTS-SP2
Description:
HTTP library with thread-safe connection pooling, file post support, sanity friendly, and more.
Security Fix(es):
urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the decompression chain was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps, leading to high CPU usage and massive memory allocation for the decompressed data. This vulnerability is fixed in 2.6.0. (CVE-2025-66418)
Topic:
An update for python-urllib3 is now available for openEuler-24.03-LTS-SP2.
openEuler Security has rated this update as having a security impact of high. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Severity:
High
Affected Component:
python-urllib3
1.26.18-4.oe2403sp2 1.26.18-4.oe2403sp2
Exploitability
AV:N AC:L PR:N UI:N
8.9/CVSS:3.1/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H