Количество 6
Количество 6
CVE-2021-28363
The urllib3 library 1.26.x before 1.26.4 for Python omits SSL certificate validation in some cases involving HTTPS to HTTPS proxies. The initial connection to the HTTPS proxy (if an SSLContext isn't given via proxy_config) doesn't verify the hostname of the certificate. This means certificates for different servers that still validate properly with the default urllib3 SSLContext will be silently accepted.
CVE-2021-28363
The urllib3 library 1.26.x before 1.26.4 for Python omits SSL certificate validation in some cases involving HTTPS to HTTPS proxies. The initial connection to the HTTPS proxy (if an SSLContext isn't given via proxy_config) doesn't verify the hostname of the certificate. This means certificates for different servers that still validate properly with the default urllib3 SSLContext will be silently accepted.
CVE-2021-28363
The urllib3 library 1.26.x before 1.26.4 for Python omits SSL certificate validation in some cases involving HTTPS to HTTPS proxies. The initial connection to the HTTPS proxy (if an SSLContext isn't given via proxy_config) doesn't verify the hostname of the certificate. This means certificates for different servers that still validate properly with the default urllib3 SSLContext will be silently accepted.
CVE-2021-28363
The urllib3 library 1.26.x before 1.26.4 for Python omits SSL certific ...
GHSA-5phf-pp7p-vc2r
Using default SSLContext for HTTPS requests in an HTTPS proxy doesn't verify certificate hostname for proxy connection
BDU:2025-04191
Уязвимость HTTP библиотеки Urllib3 языка программирования Python, связанная с ошибками процедуры подтверждения подлинности сертификата, позволяющая нарушителю получить доступ к конфиденциальным данным и нарушить их целостность
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2021-28363 The urllib3 library 1.26.x before 1.26.4 for Python omits SSL certificate validation in some cases involving HTTPS to HTTPS proxies. The initial connection to the HTTPS proxy (if an SSLContext isn't given via proxy_config) doesn't verify the hostname of the certificate. This means certificates for different servers that still validate properly with the default urllib3 SSLContext will be silently accepted. | CVSS3: 6.5 | 0% Низкий | почти 5 лет назад |
 | CVE-2021-28363 The urllib3 library 1.26.x before 1.26.4 for Python omits SSL certificate validation in some cases involving HTTPS to HTTPS proxies. The initial connection to the HTTPS proxy (if an SSLContext isn't given via proxy_config) doesn't verify the hostname of the certificate. This means certificates for different servers that still validate properly with the default urllib3 SSLContext will be silently accepted. | CVSS3: 6.5 | 0% Низкий | почти 5 лет назад |
 | CVE-2021-28363 The urllib3 library 1.26.x before 1.26.4 for Python omits SSL certificate validation in some cases involving HTTPS to HTTPS proxies. The initial connection to the HTTPS proxy (if an SSLContext isn't given via proxy_config) doesn't verify the hostname of the certificate. This means certificates for different servers that still validate properly with the default urllib3 SSLContext will be silently accepted. | CVSS3: 6.5 | 0% Низкий | почти 5 лет назад |
| CVE-2021-28363 The urllib3 library 1.26.x before 1.26.4 for Python omits SSL certific ... | CVSS3: 6.5 | 0% Низкий | почти 5 лет назад |
| GHSA-5phf-pp7p-vc2r Using default SSLContext for HTTPS requests in an HTTPS proxy doesn't verify certificate hostname for proxy connection | CVSS3: 6.5 | 0% Низкий | почти 5 лет назад |
 | BDU:2025-04191 Уязвимость HTTP библиотеки Urllib3 языка программирования Python, связанная с ошибками процедуры подтверждения подлинности сертификата, позволяющая нарушителю получить доступ к конфиденциальным данным и нарушить их целостность | CVSS3: 6.5 | 0% Низкий | почти 5 лет назад |
Уязвимостей на страницу