Count: 16
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| CVE-2026-21441 urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression based on the HTTP `Content-Encoding` header (e.g., `gzip`, `deflate`, `br`, or `zstd`). When using the streaming API, the library decompresses only the necessary bytes, enabling partial content consumption. Starting in version 1.22 and prior to version 2.6.3, for HTTP redirect responses, the library would read the entire response body to drain the connection and decompress the content unnecessarily. This decompression occurred even before any read methods were called, and configured read limits did not restrict the amount of decompressed data. As a result, there was no safeguard against decompression bombs. A malicious server could exploit this to trigger excessive resource consumption on the client. Applicat... | CVSS3: 7.5 | 0% Low | about 1 month ago |
| CVE-2026-21441 urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression based on the HTTP `Content-Encoding` header (e.g., `gzip`, `deflate`, `br`, or `zstd`). When using the streaming API, the library decompresses only the necessary bytes, enabling partial content consumption. Starting in version 1.22 and prior to version 2.6.3, for HTTP redirect responses, the library would read the entire response body to drain the connection and decompress the content unnecessarily. This decompression occurred even before any read methods were called, and configured read limits did not restrict the amount of decompressed data. As a result, there was no safeguard against decompression bombs. A malicious server could exploit this to trigger excessive resource consumption on the client. Application | CVSS3: 7.5 | 0% Low | about 1 month ago |
| CVE-2026-21441 urllib3 is an HTTP client library for Python. urllib3's streaming API ... | CVSS3: 7.5 | 0% Low | about 1 month ago |
| openSUSE-SU-2026:20088-1 Security update for python-urllib3 | | 0% Low | 16 days ago |
| SUSE-SU-2026:0255-1 Security update for python-urllib3 | | 0% Low | 16 days ago |
| GHSA-38jv-5279-wg99 Decompression-bomb safeguards bypassed when following HTTP redirects (streaming API) | CVSS3: 7.5 | 0% Low | about 1 month ago |
| ELSA-2026-1254 ELSA-2026-1254: python-urllib3 security update (IMPORTANT) | | | 12 days ago |
| ELSA-2026-1241 ELSA-2026-1241: resource-agents security update (IMPORTANT) | | | 12 days ago |
| ELSA-2026-1240 ELSA-2026-1240: fence-agents security update (IMPORTANT) | | | 11 days ago |
| ELSA-2026-1239 ELSA-2026-1239: fence-agents security update (IMPORTANT) | | | 11 days ago |
| ELSA-2026-1226 ELSA-2026-1226: python3.12-urllib3 security update (IMPORTANT) | | | 12 days ago |
| ELSA-2026-1224 ELSA-2026-1224: python3.11-urllib3 security update (IMPORTANT) | | | 12 days ago |
| ELSA-2026-1089 ELSA-2026-1089: python3.11-urllib3 security update (IMPORTANT) | | | 12 days ago |
| ELSA-2026-1088 ELSA-2026-1088: python3.12-urllib3 security update (IMPORTANT) | | | 12 days ago |
| ELSA-2026-1087 ELSA-2026-1087: python-urllib3 security update (IMPORTANT) | | | 12 days ago |
| ELSA-2026-1086 ELSA-2026-1086: python-urllib3 security update (IMPORTANT) | | | 12 days ago |