]> git.ipfire.org Git - thirdparty/openembedded/openembedded-core-contrib.git/commit
projects / thirdparty / openembedded / openembedded-core-contrib.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: ead0d06) | patch
python3-urllib3: fix CVE-2025-50181
authorYogita Urade <yogita.urade@windriver.com>
Thu, 26 Jun 2025 11:54:58 +0000 (17:24 +0530)
committerSteve Sakoman <steve@sakoman.com>
Thu, 26 Jun 2025 15:46:27 +0000 (08:46 -0700)
commit819273b5b8b9279c01035cb72377fd8cbb51a198
treec785d4175d3f3568176db3b481786dd91fbaf19ctree
parentead0d06d6335fb74c1ae0dc7bdcf414c66b3e4abcommit | diff
python3-urllib3: fix CVE-2025-50181

urllib3 is a user-friendly HTTP client library for Python. Prior to
2.5.0, it is possible to disable redirects for all requests by
instantiating a PoolManager and specifying retries in a way that
disable redirects. By default, requests and botocore users are not
affected. An application attempting to mitigate SSRF or open redirect
vulnerabilities by disabling redirects at the PoolManager level will
remain vulnerable. This issue has been patched in version 2.5.0.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2025-50181

Upstream patch:
https://github.com/urllib3/urllib3/commit/f05b1329126d5be6de501f9d1e3e36738bc08857

Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
meta/recipes-devtools/python/python3-urllib3/CVE-2025-50181.patch [new file with mode: 0644] blob
meta/recipes-devtools/python/python3-urllib3_2.3.0.bb diff | blob | blame | history
Mirror of git://git.openembedded.org/openembedded-core-contrib