]> git.ipfire.org Git - thirdparty/openembedded/openembedded-core-contrib.git/commit
projects / thirdparty / openembedded / openembedded-core-contrib.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: a2e75ca) | patch
python3-urllib3: fix CVE-2025-50181
authorYogita Urade <yogita.urade@windriver.com>
Thu, 3 Jul 2025 04:46:28 +0000 (10:16 +0530)
committerSteve Sakoman <steve@sakoman.com>
Thu, 3 Jul 2025 20:10:12 +0000 (13:10 -0700)
commit574146765ea3f9b36532abf4ebc8bd2976396f0b
treec9535efbe679503503798b37f5dd478a25e55d1etree | snapshot
parenta2e75ca4fa01d5005906fb88d28d52ea951def00commit | diff
python3-urllib3: fix CVE-2025-50181

urllib3 is a user-friendly HTTP client library for Python. Prior to
2.5.0, it is possible to disable redirects for all requests by
instantiating a PoolManager and specifying retries in a way that
disable redirects. By default, requests and botocore users are not
affected. An application attempting to mitigate SSRF or open redirect
vulnerabilities by disabling redirects at the PoolManager level will
remain vulnerable. This issue has been patched in version 2.5.0.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2025-50181

Upstream patch:
https://github.com/urllib3/urllib3/commit/f05b1329126d5be6de501f9d1e3e36738bc08857

Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
meta/recipes-devtools/python/python3-urllib3/CVE-2025-50181.patch [new file with mode: 0644] blob
meta/recipes-devtools/python/python3-urllib3_1.26.18.bb diff | blob | blame | history
Mirror of git://git.openembedded.org/openembedded-core-contrib