Vulnerabilidades en urllib3
11 resultadosCVE-2023-43804MEDIUM`Cookie` HTTP header isn't stripped on cross-origin redirectsEPSS 1.2%CVE-2024-37891MEDIUMProxy-Authorization request header isn't stripped during cross-origin redirects in urllib3EPSS 1.1%CVE-2026-21441HIGHurllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API)EPSS 0.7%CVE-2025-66418HIGHurllib3 allows an unbounded number of links in the decompression chainEPSS 0.6%CVE-2025-66471HIGHurllib3 Streaming API improperly handles highly compressed dataEPSS 0.6%CVE-2023-45803MEDIUMRequest body not stripped after redirect in urllib3EPSS 0.5%CVE-2026-44431HIGHurllib3: Sensitive headers forwarded across origins in proxied low-level redirectsEPSS 0.5%CVE-2025-50181MEDIUMurllib3 redirects are not disabled when retries are disabled on PoolManager instantiationEPSS 0.4%CVE-2026-44432HIGHurllib3: Decompression-bomb safeguards bypassed in parts of the streaming APIEPSS 0.4%CVE-2025-50182MEDIUMurllib3 does not control redirects in browsers and Node.jsEPSS 0.3%CVE-2026-9375HIGHDecompression Bomb Bypass via Negative max_length in Streaming API in urllib3EPSS 0.3%