CVE-2019-11324: Comparing a6ec68a...1efadf4 · urllib3/urllib3
The urllib3 library before 1.24.2 for Python mishandles certain cases where the desired set of CA certificates is different from the OS store of CA certificates, which results in SSL connections succeeding in situations where a verification failure is the correct outcome. This is related to use of the ssl_context, ca_certs, or ca_certs_dir argument.
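A dependency check for the affected range stated above (urllib3 before 1.24.2), as an added example that is not part of the advisory or the urllib3 repository. The requirement lines are constructed, `urllib3-extras` is a hypothetical package name, and the parser assumes plain numeric versions.

```python
import re
from importlib import metadata

FIXED = (1, 24, 2)  # first fixed release, per the advisory text

# Constructed requirement lines for illustration (not from a real project).
SAMPLE_REQUIREMENTS = """\
requests==2.21.0
urllib3==1.24.1            # pinned before the fix
URLLIB3[secure]==1.24.2 ; python_version >= "3.5"
urllib3>=1.21.1,<1.25      # range: the resolver decides
# urllib3==1.22 (commented out)
urllib3-extras==1.0        # different package (hypothetical name)
"""

# Match the urllib3 distribution only, with optional extras; stop at markers/comments.
LINE = re.compile(r"^\s*urllib3(?![\w.-])\s*(?:\[[^\]]*\])?\s*(?P<spec>[^;#]*)", re.I)
EXACT = re.compile(r"^==\s*(\d+(?:\.\d+)*)$")


def parse_version(text):
    """'1.24' -> (1, 24, 0); numeric release segments only."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))


def audit(requirements_text):
    """Return (line_no, status, detail) for urllib3 entries that need attention."""
    findings = []
    for number, raw in enumerate(requirements_text.splitlines(), start=1):
        match = LINE.match(raw)
        if not match:
            continue
        spec = match.group("spec").strip()
        exact = EXACT.match(spec)
        if exact is None:
            # Not an exact pin: the file alone cannot tell which version installs.
            findings.append((number, "unresolved", spec))
        elif parse_version(exact.group(1)) < FIXED:
            findings.append((number, "affected", exact.group(1)))
    return findings


def installed_status():
    """'affected', 'fixed' or 'absent' for the urllib3 visible to this interpreter."""
    try:
        found = metadata.version("urllib3")
    except metadata.PackageNotFoundError:
        return "absent"
    release = re.match(r"\d+(?:\.\d+)*", found).group(0)
    return "affected" if parse_version(release) < FIXED else "fixed"
```

An "unresolved" entry means the requirement is not an exact pin, so the version actually installed should be confirmed with `installed_status()` in the target environment.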
base repository: urllib3/urllib3 base: a6ec68a
head repository: urllib3/urllib3 compare: 1efadf4
- 1 commit
- 14 files changed
- 1 contributor
Commits on Apr 17, 2019
Release 1.24.2 (#1564)
* Don’t load system certificates by default when any other ``ca_certs``, ``ca_certs_dir`` or ``ssl_context`` parameters are specified.
* Remove Authorization header regardless of case when redirecting to cross-site. (Issue #1510)
* Add support for IPv6 addresses in subjectAltName section of certificates. (Issue #1269)