OESA-2021-1260

See a problem?
Please try reporting it to the source first.

Source

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2021-1260

Import Source

https://repo.openeuler.org/security/data/osv/OESA-2021-1260.json

JSON Data

https://api.test.osv.dev/v1/vulns/OESA-2021-1260

Upstream

CVE-2021-33503

Published

2021-07-10T11:03:02Z

Modified

2025-08-12T05:08:29.182851Z

Summary

python-urllib3 security update

Details

Security Fix(es):

An issue was discovered in urllib3 before 1.26.5. When provided with a URL containing many @ characters in the authority component, the authority regular expression exhibits catastrophic backtracking, causing a denial of service if a URL were passed as a parameter or redirected to via an HTTP redirect.(CVE-2021-33503)

Database specific

{
    "severity": "High"
}

References

Affected packages

openEuler:20.03-LTS-SP1 / python-urllib3

Package

Name: python-urllib3
Purl: pkg:rpm/openEuler/python-urllib3&distro=openEuler-20.03-LTS-SP1

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.25.9-3.oe1

Ecosystem specific

{
    "src": [
        "python-urllib3-1.25.9-3.oe1.src.rpm"
    ],
    "noarch": [
        "python2-urllib3-1.25.9-3.oe1.noarch.rpm",
        "python3-urllib3-1.25.9-3.oe1.noarch.rpm"
    ]
}