OESA-2025-1958

Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1958
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2025-1958.json
JSON Data
https://api.test.osv.dev/v1/vulns/OESA-2025-1958
Upstream
Published
2025-08-01T13:03:58Z
Modified
2025-08-12T05:51:40.794856Z
Summary
python-urllib3 security update
Details

HTTP library with thread-safe connection pooling, file post support, sanity friendly, and more.

Security Fix(es):

urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, it is possible to disable redirects for all requests by instantiating a PoolManager and specifying retries in a way that disables redirects. By default, requests and botocore users are not affected. An application attempting to mitigate SSRF or open redirect vulnerabilities by disabling redirects at the PoolManager level will remain vulnerable. This issue has been patched in version 2.5.0. (CVE-2025-50181)

Database specific
{
    "severity": "Medium"
}
References

Affected packages

openEuler:24.03-LTS-SP1 / python-urllib3

Package

Name
python-urllib3
Purl
pkg:rpm/openEuler/python-urllib3&distro=openEuler-24.03-LTS-SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.26.18-3.oe2403sp1

Ecosystem specific

{
    "src": [
        "python-urllib3-1.26.18-3.oe2403sp1.src.rpm"
    ],
    "noarch": [
        "python3-urllib3-1.26.18-3.oe2403sp1.noarch.rpm"
    ]
}

openEuler:24.03-LTS-SP2 / python-urllib3

Package

Name
python-urllib3
Purl
pkg:rpm/openEuler/python-urllib3&distro=openEuler-24.03-LTS-SP2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.26.18-3.oe2403sp2

Ecosystem specific

{
    "src": [
        "python-urllib3-1.26.18-3.oe2403sp2.src.rpm"
    ],
    "noarch": [
        "python3-urllib3-1.26.18-3.oe2403sp2.noarch.rpm"
    ]
}

openEuler:20.03-LTS-SP4 / python-urllib3

Package

Name
python-urllib3
Purl
pkg:rpm/openEuler/python-urllib3&distro=openEuler-20.03-LTS-SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.25.9-12.oe2003sp4

Ecosystem specific

{
    "src": [
        "python-urllib3-1.25.9-12.oe2003sp4.src.rpm"
    ],
    "noarch": [
        "python2-urllib3-1.25.9-12.oe2003sp4.noarch.rpm",
        "python3-urllib3-1.25.9-12.oe2003sp4.noarch.rpm"
    ]
}

openEuler:22.03-LTS-SP3 / python-urllib3

Package

Name
python-urllib3
Purl
pkg:rpm/openEuler/python-urllib3&distro=openEuler-22.03-LTS-SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.26.12-8.oe2203sp3

Ecosystem specific

{
    "src": [
        "python-urllib3-1.26.12-8.oe2203sp3.src.rpm"
    ],
    "noarch": [
        "python3-urllib3-1.26.12-8.oe2203sp3.noarch.rpm"
    ]
}

openEuler:22.03-LTS-SP4 / python-urllib3

Package

Name
python-urllib3
Purl
pkg:rpm/openEuler/python-urllib3&distro=openEuler-22.03-LTS-SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.26.12-8.oe2203sp4

Ecosystem specific

{
    "src": [
        "python-urllib3-1.26.12-8.oe2203sp4.src.rpm"
    ],
    "noarch": [
        "python3-urllib3-1.26.12-8.oe2203sp4.noarch.rpm"
    ]
}

openEuler:24.03-LTS / python-urllib3

Package

Name
python-urllib3
Purl
pkg:rpm/openEuler/python-urllib3&distro=openEuler-24.03-LTS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.26.18-3.oe2403

Ecosystem specific

{
    "src": [
        "python-urllib3-1.26.18-3.oe2403sp1.src.rpm",
        "python-urllib3-1.26.18-3.oe2403sp2.src.rpm",
        "python-urllib3-1.26.18-3.oe2403.src.rpm"
    ],
    "noarch": [
        "python3-urllib3-1.26.18-3.oe2403sp1.noarch.rpm",
        "python3-urllib3-1.26.18-3.oe2403sp2.noarch.rpm",
        "python3-urllib3-1.26.18-3.oe2403.noarch.rpm"
    ]
}