Vulnerability Information
Vulnerability Title
urllib3 does not control redirects in browsers and Node.js
Vulnerability Description
urllib3 is a user-friendly HTTP client library for Python. Starting in version 2.2.0 and prior to 2.5.0, urllib3 does not control redirects in browsers and Node.js. urllib3 supports being used in a Pyodide runtime utilizing the JavaScript Fetch API or falling back on XMLHttpRequest. This means Python libraries can be used to make HTTP requests from a browser or Node.js. Additionally, urllib3 provides a mechanism to control redirects, but the retries and redirect parameters are ignored with Pyodide; the runtime itself determines redirect behavior. This issue has been patched in version 2.5.0.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
URL redirection to untrusted site (open redirect)
Vulnerability Title
urllib3 input validation error vulnerability
Vulnerability Description
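urllib3 is an open-source Python HTTP library from urllib3. The product offers thread-safe connection pooling, file post support, and more. Versions of urllib3 before 2.5.0 have an input validation error vulnerability, which stems from the inability to control redirect behavior in the Pyodide runtime.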
CVSS Information
N/A
Vulnerability Type
N/A