urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API)
Description
urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression based on the HTTP Content-Encoding header (e.g., gzip, deflate, br, or zstd). When using the streaming API, the library decompresses only the necessary bytes, enabling partial content consumption. Starting in version 1.22 and prior to version 2.6.3, for HTTP redirect responses, the library would read the entire response body to drain the connection and decompress the content unnecessarily. This decompression occurred even before any read methods were called, and configured read limits did not restrict the amount of decompressed data. As a result, there was no safeguard against decompression bombs. A malicious server could exploit this to trigger excessive resource consumption on the client. Applications and libraries are affected when they stream content from untrusted sources by setting preload_content=False when they do not disable redirects. Users should upgrade to at least urllib3 v2.6.3, in which the library does not decode content of redirect responses when preload_content=False. If upgrading is not immediately possible, disable redirects by setting redirect=False for requests to untrusted source.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
urllib3PyPI | >= 1.22, < 2.6.3 | 2.6.3 |
Affected products
226- osv-coords225 versionspkg:apk/chainguard/airflow-2pkg:apk/chainguard/airflow-3pkg:apk/chainguard/airflow-core-2pkg:apk/chainguard/airflow-core-3pkg:apk/chainguard/ansible-operatorpkg:apk/chainguard/ansible-operator-fipspkg:apk/chainguard/apache-beam-python-3.11-sdkpkg:apk/chainguard/authentikpkg:apk/chainguard/authentik-fipspkg:apk/chainguard/awxpkg:apk/chainguard/azpkg:apk/chainguard/azure-functions-host-python3.11-workerpkg:apk/chainguard/azure-functions-host-python3.12-workerpkg:apk/chainguard/azure-functions-host-python3.13-workerpkg:apk/chainguard/checkovpkg:apk/chainguard/confluent-docker-utilspkg:apk/chainguard/dask-gatewaypkg:apk/chainguard/dask-gateway-serverpkg:apk/chainguard/dask-kubernetespkg:apk/chainguard/datadog-agent-7.71pkg:apk/chainguard/datadog-agent-7.71-core-integrationspkg:apk/chainguard/datadog-agent-7.72pkg:apk/chainguard/datadog-agent-7.73pkg:apk/chainguard/datadog-agent-7.74pkg:apk/chainguard/datadog-agent-7.75pkg:apk/chainguard/datadog-agent-7.75-core-integrationspkg:apk/chainguard/datadog-agent-7.76pkg:apk/chainguard/datadog-agent-7.76-core-integrationspkg:apk/chainguard/datadog-agent-7.77pkg:apk/chainguard/datadog-agent-7.77-core-integrationspkg:apk/chainguard/datadog-agent-fips-7.71pkg:apk/chainguard/datadog-agent-fips-7.71-core-integrationspkg:apk/chainguard/datadog-agent-fips-7.72pkg:apk/chainguard/datadog-agent-fips-7.72-core-integrationspkg:apk/chainguard/datadog-agent-fips-7.73pkg:apk/chainguard/datadog-agent-fips-7.73-core-integrationspkg:apk/chainguard/datadog-agent-fips-7.74pkg:apk/chainguard/datadog-agent-fips-7.75pkg:apk/chainguard/datadog-agent-fips-7.75-core-integrationspkg:apk/chainguard/datadog-agent-fips-7.76pkg:apk/chainguard/datadog-agent-fips-7.76-core-integrationspkg:apk/chainguard/datadog-agent-fips-7.77pkg:apk/chainguard/datadog-agent-fips-7.77-core-integrationspkg:apk/chainguard/ggshieldpkg:apk/chainguard/graalvm-25-graalpy-venvpkg:apk/chainguard/jupyter-base-notebookpkg:apk/chainguard/jwt-toolpkg:apk/chainguard/k8s-sidecarpkg:apk/chainguard/katib-earlystoppingpkg:apk/chainguard/katib-suggestion-hyperbandpkg:apk/chainguard/katib-suggestion-hyperoptpkg:apk/chainguard/katib-suggestion-nas-dartspkg:apk/chainguard/katib-suggestion-optuna-enaspkg:apk/chainguard/katib-suggestion-pbt-enaspkg:apk/chainguard/katib-suggestion-skopt-enaspkg:apk/chainguard/kserve-storage-controllerpkg:apk/chainguard/kubeflow-jupyter-web-apppkg:apk/chainguard/kubeflow-pipelines-apiserverpkg:apk/chainguard/kubeflow-volumes-web-apppkg:apk/chainguard/label-studiopkg:apk/chainguard/localstackpkg:apk/chainguard/mlflowpkg:apk/chainguard/mlflow-iamguarded-compatpkg:apk/chainguard/nemopkg:apk/chainguard/opentelemetry-python-instrumentationpkg:apk/chainguard/open-webuipkg:apk/chainguard/pgadmin4pkg:apk/chainguard/pgadmin4-fipspkg:apk/chainguard/py3.10-ambassadorpkg:apk/chainguard/py3.10-pip-basepkg:apk/chainguard/py3.10-pipenvpkg:apk/chainguard/py3.11-pip-basepkg:apk/chainguard/py3.11-pipenvpkg:apk/chainguard/py3.11-text-generation-inferencepkg:apk/chainguard/py3.12-pip-basepkg:apk/chainguard/py3.12-pipenvpkg:apk/chainguard/py3.13-pip-basepkg:apk/chainguard/py3.13-pipenvpkg:apk/chainguard/py3.13-scanner-test-librariespkg:apk/chainguard/py3.14-pip-basepkg:apk/chainguard/py3.14-prefectpkg:apk/chainguard/py3-cassandra-medusapkg:apk/chainguard/py3-hashinpkg:apk/chainguard/pypy-3.10pkg:apk/chainguard/pypy-3.11pkg:apk/chainguard/request-1276pkg:apk/chainguard/tensorflow-cpu-jupyterpkg:apk/chainguard/tensorflow-gpu-jupyterpkg:apk/wolfi/airflow-3pkg:apk/wolfi/ansible-operatorpkg:apk/wolfi/azpkg:apk/wolfi/checkovpkg:apk/wolfi/confluent-docker-utilspkg:apk/wolfi/dask-gatewaypkg:apk/wolfi/dask-gateway-serverpkg:apk/wolfi/dask-kubernetespkg:apk/wolfi/datadog-agent-7.72pkg:apk/wolfi/datadog-agent-7.73pkg:apk/wolfi/datadog-agent-7.74pkg:apk/wolfi/datadog-agent-7.75pkg:apk/wolfi/datadog-agent-7.75-core-integrationspkg:apk/wolfi/datadog-agent-7.76pkg:apk/wolfi/datadog-agent-7.76-core-integrationspkg:apk/wolfi/datadog-agent-7.77pkg:apk/wolfi/datadog-agent-7.77-core-integrationspkg:apk/wolfi/ggshieldpkg:apk/wolfi/jupyter-base-notebookpkg:apk/wolfi/jwt-toolpkg:apk/wolfi/k8s-sidecarpkg:apk/wolfi/katib-earlystoppingpkg:apk/wolfi/katib-suggestion-hyperbandpkg:apk/wolfi/katib-suggestion-hyperoptpkg:apk/wolfi/katib-suggestion-nas-dartspkg:apk/wolfi/katib-suggestion-optuna-enaspkg:apk/wolfi/katib-suggestion-pbt-enaspkg:apk/wolfi/katib-suggestion-skopt-enaspkg:apk/wolfi/kserve-storage-controllerpkg:apk/wolfi/kubeflow-jupyter-web-apppkg:apk/wolfi/kubeflow-pipelines-apiserverpkg:apk/wolfi/kubeflow-volumes-web-apppkg:apk/wolfi/mlflowpkg:apk/wolfi/mlflow-iamguarded-compatpkg:apk/wolfi/open-webuipkg:apk/wolfi/py3.10-ambassadorpkg:apk/wolfi/py3.10-pip-basepkg:apk/wolfi/py3.10-pipenvpkg:apk/wolfi/py3.11-pip-basepkg:apk/wolfi/py3.11-pipenvpkg:apk/wolfi/py3.12-pip-basepkg:apk/wolfi/py3.12-pipenvpkg:apk/wolfi/py3.13-pip-basepkg:apk/wolfi/py3.13-pipenvpkg:apk/wolfi/py3.14-pip-basepkg:apk/wolfi/py3-cassandra-medusapkg:apk/wolfi/pypy-3.10pkg:apk/wolfi/pypy-3.11pkg:apk/wolfi/tensorflow-cpu-jupyterpkg:pypi/urllib3pkg:rpm/almalinux/fence-agents-aliyunpkg:rpm/almalinux/fence-agents-allpkg:rpm/almalinux/fence-agents-amt-wspkg:rpm/almalinux/fence-agents-apcpkg:rpm/almalinux/fence-agents-apc-snmppkg:rpm/almalinux/fence-agents-awspkg:rpm/almalinux/fence-agents-azure-armpkg:rpm/almalinux/fence-agents-bladecenterpkg:rpm/almalinux/fence-agents-brocadepkg:rpm/almalinux/fence-agents-cisco-mdspkg:rpm/almalinux/fence-agents-cisco-ucspkg:rpm/almalinux/fence-agents-commonpkg:rpm/almalinux/fence-agents-computepkg:rpm/almalinux/fence-agents-drac5pkg:rpm/almalinux/fence-agents-eaton-snmppkg:rpm/almalinux/fence-agents-emersonpkg:rpm/almalinux/fence-agents-epspkg:rpm/almalinux/fence-agents-gcepkg:rpm/almalinux/fence-agents-heuristics-pingpkg:rpm/almalinux/fence-agents-hpbladepkg:rpm/almalinux/fence-agents-ibmbladepkg:rpm/almalinux/fence-agents-ibm-powervspkg:rpm/almalinux/fence-agents-ibm-vpcpkg:rpm/almalinux/fence-agents-ifmibpkg:rpm/almalinux/fence-agents-ilo2pkg:rpm/almalinux/fence-agents-ilo-moonshotpkg:rpm/almalinux/fence-agents-ilo-mppkg:rpm/almalinux/fence-agents-ilo-sshpkg:rpm/almalinux/fence-agents-intelmodularpkg:rpm/almalinux/fence-agents-ipdupkg:rpm/almalinux/fence-agents-ipmilanpkg:rpm/almalinux/fence-agents-kdumppkg:rpm/almalinux/fence-agents-kubevirtpkg:rpm/almalinux/fence-agents-lparpkg:rpm/almalinux/fence-agents-mpathpkg:rpm/almalinux/fence-agents-nutanix-ahvpkg:rpm/almalinux/fence-agents-openstackpkg:rpm/almalinux/fence-agents-redfishpkg:rpm/almalinux/fence-agents-rhevmpkg:rpm/almalinux/fence-agents-rsapkg:rpm/almalinux/fence-agents-rsbpkg:rpm/almalinux/fence-agents-sbdpkg:rpm/almalinux/fence-agents-scsipkg:rpm/almalinux/fence-agents-virshpkg:rpm/almalinux/fence-agents-vmware-restpkg:rpm/almalinux/fence-agents-vmware-soappkg:rpm/almalinux/fence-agents-wtipkg:rpm/almalinux/fence-agents-zvmpkg:rpm/almalinux/fence-virtpkg:rpm/almalinux/fence-virtdpkg:rpm/almalinux/fence-virtd-cpgpkg:rpm/almalinux/fence-virtd-libvirtpkg:rpm/almalinux/fence-virtd-multicastpkg:rpm/almalinux/fence-virtd-serialpkg:rpm/almalinux/fence-virtd-tcppkg:rpm/almalinux/ha-cloud-supportpkg:rpm/almalinux/python3.11-urllib3pkg:rpm/almalinux/python3.12-urllib3pkg:rpm/almalinux/python3-urllib3pkg:rpm/almalinux/resource-agentspkg:rpm/almalinux/resource-agents-aliyunpkg:rpm/almalinux/resource-agents-gcppkg:rpm/almalinux/resource-agents-pafpkg:rpm/opensuse/oci-cli&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/python-urllib3_1&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/python-urllib3_1&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/python-urllib3_1&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/python-urllib3&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/python-urllib3&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/python-urllib3&distro=openSUSE%20Tumbleweedpkg:rpm/suse/python-urllib3_1&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Python%203%2015%20SP7pkg:rpm/suse/python-urllib3_1&distro=SUSE%20Linux%20Enterprise%20Server%2016.0pkg:rpm/suse/python-urllib3_1&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0pkg:rpm/suse/python-urllib3&distro=SUSE%20Linux%20Enterprise%20Micro%205.2pkg:rpm/suse/python-urllib3&distro=SUSE%20Linux%20Enterprise%20Micro%205.3pkg:rpm/suse/python-urllib3&distro=SUSE%20Linux%20Enterprise%20Micro%205.4pkg:rpm/suse/python-urllib3&distro=SUSE%20Linux%20Enterprise%20Micro%205.5pkg:rpm/suse/python-urllib3&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7pkg:rpm/suse/python-urllib3&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2012pkg:rpm/suse/python-urllib3&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP4pkg:rpm/suse/python-urllib3&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Python%203%2015%20SP7pkg:rpm/suse/python-urllib3&distro=SUSE%20Linux%20Enterprise%20Server%2016.0pkg:rpm/suse/python-urllib3&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0pkg:rpm/suse/python-urllib3&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5pkg:rpm/suse/python-urllib3&distro=SUSE%20Linux%20Micro%206.0pkg:rpm/suse/python-urllib3&distro=SUSE%20Linux%20Micro%206.1pkg:rpm/suse/python-urllib3&distro=SUSE%20Linux%20Micro%206.2
< 2.11.0-r20+ 224 more
- (no CPE)range: < 2.11.0-r20
- (no CPE)range: < 3.1.5-r3
- (no CPE)range: < 2.11.0-r12
- (no CPE)range: < 3.1.5-r1
- (no CPE)range: < 1.42.2-r2
- (no CPE)range: < 1.42.2-r2
- (no CPE)range: < 2.70.0-r2
- (no CPE)range: < 2025.10.3-r4
- (no CPE)range: < 2025.10.3-r1
- (no CPE)range: < 24.6.1-r33
- (no CPE)range: < 2.82.0-r0
- (no CPE)range: < 4.1048.200-r1
- (no CPE)range: < 4.1048.200-r1
- (no CPE)range: < 4.1048.200-r1
- (no CPE)range: < 3.2.499-r0
- (no CPE)range: < 0.0.163-r1
- (no CPE)range: < 2025.4.0-r7
- (no CPE)range: < 2025.4.0-r7
- (no CPE)range: < 2025.7.0-r5
- (no CPE)range: < 7.71.2-r17
- (no CPE)range: < 7.71.2-r17
- (no CPE)range: < 7.72.4-r22
- (no CPE)range: < 7.73.3-r13
- (no CPE)range: < 7.74.1-r15
- (no CPE)range: < 7.75.4-r7
- (no CPE)range: < 7.75.4-r7
- (no CPE)range: < 7.76.3-r15
- (no CPE)range: < 7.76.3-r15
- (no CPE)range: < 7.77.3-r6
- (no CPE)range: < 7.77.3-r6
- (no CPE)range: < 7.71.2-r10
- (no CPE)range: < 7.71.2-r10
- (no CPE)range: < 7.72.4-r9
- (no CPE)range: < 7.72.4-r9
- (no CPE)range: < 7.73.3-r7
- (no CPE)range: < 7.73.3-r7
- (no CPE)range: < 7.74.1-r12
- (no CPE)range: < 7.75.4-r5
- (no CPE)range: < 7.75.4-r5
- (no CPE)range: < 7.76.3-r12
- (no CPE)range: < 7.76.3-r12
- (no CPE)range: < 7.77.3-r7
- (no CPE)range: < 7.77.3-r7
- (no CPE)range: < 1.48.0-r0
- (no CPE)range: < 25.0.2-r11
- (no CPE)range: < 7.5.2-r0
- (no CPE)range: < 2.3.0-r3
- (no CPE)range: < 2.2.3-r1
- (no CPE)range: < 0.19.0-r13
- (no CPE)range: < 0.19.0-r14
- (no CPE)range: < 0.19.0-r14
- (no CPE)range: < 0.19.0-r14
- (no CPE)range: < 0.19.0-r14
- (no CPE)range: < 0.19.0-r13
- (no CPE)range: < 0.19.0-r13
- (no CPE)range: < 0.16.0-r8
- (no CPE)range: < 1.10.0-r9
- (no CPE)range: < 2.15.0-r6
- (no CPE)range: < 1.10.0-r7
- (no CPE)range: < 1.22.0-r1
- (no CPE)range: < 4.14.0-r6
- (no CPE)range: < 3.8.1-r1
- (no CPE)range: < 3.8.1-r1
- (no CPE)range: < 2.7.3-r2
- (no CPE)range: < 0.60.1-r1
- (no CPE)range: < 0.9.2-r0
- (no CPE)range: < 9.12-r1
- (no CPE)range: < 9.12-r1
- (no CPE)range: < 3.10.0-r16
- (no CPE)range: < 26.1.1-r0
- (no CPE)range: < 2026.6.0-r0
- (no CPE)range: < 26.1.1-r0
- (no CPE)range: < 2026.6.0-r0
- (no CPE)range: < 3.3.7-r3
- (no CPE)range: < 26.1.1-r0
- (no CPE)range: < 2026.6.0-r0
- (no CPE)range: < 26.1.1-r0
- (no CPE)range: < 2026.6.0-r0
- (no CPE)range: < 0.0.1-r3
- (no CPE)range: < 26.1.1-r0
- (no CPE)range: < 3.6.10-r0
- (no CPE)range: < 0.28.0-r1
- (no CPE)range: < 1.0.5-r5
- (no CPE)range: < 7.3.19-r16
- (no CPE)range: < 7.3.22-r0
- (no CPE)range: < 0.27.1-r1
- (no CPE)range: < 2.21.0-r2
- (no CPE)range: < 2.21.0-r2
- (no CPE)range: < 3.1.5-r3
- (no CPE)range: < 1.42.2-r2
- (no CPE)range: < 2.82.0-r0
- (no CPE)range: < 3.2.499-r0
- (no CPE)range: < 0.0.163-r1
- (no CPE)range: < 2025.4.0-r7
- (no CPE)range: < 2025.4.0-r7
- (no CPE)range: < 2025.7.0-r5
- (no CPE)range: < 7.72.4-r22
- (no CPE)range: < 7.73.3-r13
- (no CPE)range: < 7.74.1-r15
- (no CPE)range: < 7.75.4-r7
- (no CPE)range: < 7.75.4-r7
- (no CPE)range: < 7.76.3-r15
- (no CPE)range: < 7.76.3-r15
- (no CPE)range: < 7.77.3-r6
- (no CPE)range: < 7.77.3-r6
- (no CPE)range: < 1.48.0-r0
- (no CPE)range: < 7.5.2-r0
- (no CPE)range: < 2.3.0-r3
- (no CPE)range: < 2.2.3-r1
- (no CPE)range: < 0.19.0-r13
- (no CPE)range: < 0.19.0-r14
- (no CPE)range: < 0.19.0-r14
- (no CPE)range: < 0.19.0-r14
- (no CPE)range: < 0.19.0-r14
- (no CPE)range: < 0.19.0-r13
- (no CPE)range: < 0.19.0-r13
- (no CPE)range: < 0.16.0-r8
- (no CPE)range: < 1.10.0-r9
- (no CPE)range: < 2.15.0-r6
- (no CPE)range: < 1.10.0-r7
- (no CPE)range: < 3.8.1-r1
- (no CPE)range: < 3.8.1-r1
- (no CPE)range: < 0.9.2-r0
- (no CPE)range: < 3.10.0-r16
- (no CPE)range: < 26.1.1-r0
- (no CPE)range: < 2026.6.0-r0
- (no CPE)range: < 26.1.1-r0
- (no CPE)range: < 2026.6.0-r0
- (no CPE)range: < 26.1.1-r0
- (no CPE)range: < 2026.6.0-r0
- (no CPE)range: < 26.1.1-r0
- (no CPE)range: < 2026.6.0-r0
- (no CPE)range: < 26.1.1-r0
- (no CPE)range: < 0.28.0-r1
- (no CPE)range: < 7.3.19-r16
- (no CPE)range: < 7.3.22-r0
- (no CPE)range: < 2.21.0-r2
- (no CPE)range: >= 1.22, < 2.6.3
- (no CPE)range: < 4.10.0-98.el9_7.4
- (no CPE)range: < 4.10.0-98.el9_7.4
- (no CPE)range: < 4.10.0-98.el9_7.4
- (no CPE)range: < 4.10.0-98.el9_7.4
- (no CPE)range: < 4.10.0-98.el9_7.4
- (no CPE)range: < 4.10.0-98.el9_7.4
- (no CPE)range: < 4.10.0-98.el9_7.4
- (no CPE)range: < 4.10.0-98.el9_7.4
- (no CPE)range: < 4.10.0-98.el9_7.4
- (no CPE)range: < 4.10.0-98.el9_7.4
- (no CPE)range: < 4.10.0-98.el9_7.4
- (no CPE)range: < 4.10.0-98.el9_7.4
- (no CPE)range: < 4.10.0-98.el9_7.4
- (no CPE)range: < 4.10.0-98.el9_7.4
- (no CPE)range: < 4.10.0-98.el9_7.4
- (no CPE)range: < 4.10.0-98.el9_7.4
- (no CPE)range: < 4.10.0-98.el9_7.4
- (no CPE)range: < 4.10.0-98.el9_7.4
- (no CPE)range: < 4.10.0-98.el9_7.4
- (no CPE)range: < 4.10.0-98.el9_7.4
- (no CPE)range: < 4.10.0-98.el9_7.4
- (no CPE)range: < 4.10.0-98.el9_7.4
- (no CPE)range: < 4.10.0-98.el9_7.4
- (no CPE)range: < 4.10.0-98.el9_7.4
- (no CPE)range: < 4.10.0-98.el9_7.4
- (no CPE)range: < 4.10.0-98.el9_7.4
- (no CPE)range: < 4.10.0-98.el9_7.4
- (no CPE)range: < 4.10.0-98.el9_7.4
- (no CPE)range: < 4.10.0-98.el9_7.4
- (no CPE)range: < 4.10.0-98.el9_7.4
- (no CPE)range: < 4.10.0-98.el9_7.4
- (no CPE)range: < 4.10.0-98.el9_7.4
- (no CPE)range: < 4.10.0-98.el9_7.4
- (no CPE)range: < 4.10.0-98.el9_7.4
- (no CPE)range: < 4.10.0-98.el9_7.4
- (no CPE)range: < 4.10.0-98.el9_7.4
- (no CPE)range: < 4.10.0-98.el9_7.4
- (no CPE)range: < 4.10.0-98.el9_7.4
- (no CPE)range: < 4.10.0-98.el9_7.4
- (no CPE)range: < 4.10.0-98.el9_7.4
- (no CPE)range: < 4.10.0-98.el9_7.4
- (no CPE)range: < 4.10.0-98.el9_7.4
- (no CPE)range: < 4.10.0-98.el9_7.4
- (no CPE)range: < 4.10.0-98.el9_7.4
- (no CPE)range: < 4.10.0-98.el9_7.4
- (no CPE)range: < 4.10.0-98.el9_7.4
- (no CPE)range: < 4.10.0-98.el9_7.4
- (no CPE)range: < 4.10.0-98.el9_7.4
- (no CPE)range: < 4.10.0-98.el9_7.4
- (no CPE)range: < 4.10.0-98.el9_7.4
- (no CPE)range: < 4.10.0-98.el9_7.4
- (no CPE)range: < 4.10.0-98.el9_7.4
- (no CPE)range: < 4.10.0-98.el9_7.4
- (no CPE)range: < 4.10.0-98.el9_7.4
- (no CPE)range: < 4.10.0-98.el9_7.4
- (no CPE)range: < 4.10.0-98.el9_7.4
- (no CPE)range: < 1.26.12-5.el9_7.1
- (no CPE)range: < 1.26.19-1.el9_7.1
- (no CPE)range: < 1.26.19-2.el10_1.1
- (no CPE)range: < 4.9.0-54.el8_10.27
- (no CPE)range: < 4.9.0-54.el8_10.27
- (no CPE)range: < 4.9.0-54.el8_10.27
- (no CPE)range: < 4.9.0-54.el8_10.27
- (no CPE)range: < 3.76.2-1.1
- (no CPE)range: < 1.26.18-150600.3.6.1
- (no CPE)range: < 1.26.20-160000.3.1
- (no CPE)range: < 1.26.20-5.1
- (no CPE)range: < 2.0.7-150400.7.24.1
- (no CPE)range: < 2.5.0-160000.3.1
- (no CPE)range: < 2.6.3-1.1
- (no CPE)range: < 1.26.18-150600.3.6.1
- (no CPE)range: < 1.26.20-160000.3.1
- (no CPE)range: < 1.26.20-160000.3.1
- (no CPE)range: < 1.25.10-150300.4.21.1
- (no CPE)range: < 1.25.10-150300.4.21.1
- (no CPE)range: < 1.25.10-150300.4.21.1
- (no CPE)range: < 1.25.10-150300.4.21.1
- (no CPE)range: < 1.25.10-150300.4.21.1
- (no CPE)range: < 1.25.10-3.48.4
- (no CPE)range: < 2.0.7-150400.7.24.1
- (no CPE)range: < 2.0.7-150400.7.24.1
- (no CPE)range: < 2.5.0-160000.3.1
- (no CPE)range: < 2.5.0-160000.3.1
- (no CPE)range: < 1.25.10-3.48.4
- (no CPE)range: < 2.1.0-4.1
- (no CPE)range: < 2.1.0-slfo.1.1_3.1
- (no CPE)range: < 2.5.0-160000.3.1
Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-38jv-5279-wg99ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2026-21441ghsaADVISORY
- github.com/urllib3/urllib3/commit/8864ac407bba8607950025e0979c4c69bc7abc7bghsax_refsource_MISCWEB
- github.com/urllib3/urllib3/security/advisories/GHSA-38jv-5279-wg99ghsax_refsource_CONFIRMWEB
- lists.debian.org/debian-lts-announce/2026/01/msg00017.htmlghsaWEB
News mentions
0No linked articles in our index yet.