漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
urllib3 allows an unbounded number of links in the decompression chain
Vulnerability Description
urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the decompression chain was unbounded allowing a malicious server to insert a virtually unlimited number of compression steps leading to high CPU usage and massive memory allocation for the decompressed data. This vulnerability is fixed in 2.6.0.
CVSS Information
N/A
Vulnerability Type
不加限制或调节的资源分配
Vulnerability Title
urllib3 安全漏洞
Vulnerability Description
urllib3是urllib3开源的一款Python HTTP库。该产品具有线程安全连接池、文件发布支持等。 urllib3 1.24版本至2.6.0之前版本存在安全漏洞,该漏洞源于解压链中的链接数量无限制,可能导致高CPU使用率和大量内存分配。
CVSS Information
N/A
Vulnerability Type
N/A