VYPR

apk package

chainguard/aws-cli-1

pkg:apk/chainguard/aws-cli-1

Vulnerabilities (2)

  • CVE-2026-44432HigMay 13, 2026
    affected < 1.45.7-r0fixed 1.45.7-r0

    urllib3 is an HTTP client library for Python. From 2.6.0 to before 2.7.0, urllib3 could decompress the whole response instead of the requested portion (1) during the second HTTPResponse.read(amt=N) call when the response was decompressed using the official Brotli library or (2) w

  • CVE-2026-44431MedMay 13, 2026
    affected < 1.45.7-r0fixed 1.45.7-r0

    urllib3 is an HTTP client library for Python. From 1.23 to before 2.7.0, cross-origin redirects followed from the low-level API via ProxyManager.connection_from_url().urlopen(..., assert_same_host=False) still forward these sensitive headers. This vulnerability is fixed in 2.7.0.