漏洞信息详情
urllib3 信任管理问题漏洞
漏洞简介
urllib3是一款Python HTTP库。该产品具有线程安全连接池、文件发布支持等。
urllib3 library 1.26.x before 1.26.4 存在信任管理问题漏洞,该漏洞源于SSLContext正确验证的其他服务器的证书将被静默接受。
漏洞公告
目前厂商已发布升级补丁以修复漏洞,补丁获取链接:
https://github.com/urllib3/urllib3/commits/main
参考网址
来源:MISC
链接:https://github.com/urllib3/urllib3/commits/main
来源:CONFIRM
链接:https://github.com/urllib3/urllib3/security/advisories/GHSA-5phf-pp7p-vc2r
来源:CONFIRM
链接:https://pypi.org/project/urllib3/1.26.4/
来源:FEDORA
链接:https://lists.fedoraproject.org/archives/list/[email protected]/message/4S65ZQVZ2ODGB52IC7VJDBUK4M5INCXL/
来源:GENTOO
链接:https://security.gentoo.org/glsa/202107-36
来源:CONFIRM
链接:https://github.com/urllib3/urllib3/commit/8d65ea1ecf6e2cdc27d42124e587c1b83a3118b0
来源:nvd.nist.gov
链接:https://nvd.nist.gov/vuln/detail/CVE-2021-28363
来源:www.ibm.com
链接:https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-python-tornado-and-urllib3-affect-ibm-spectrum-protect-plus-microsoft-file-systems-backup-and-restore/
来源:www.oracle.com
链接:https://www.oracle.com/security-alerts/cpuoct2021.html
来源:www.cybersecurity-help.cz
链接:https://www.cybersecurity-help.cz/vdb/SB2021052523
来源:www.ibm.com
链接:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-discovery-for-ibm-cloud-pak-for-data-affected-by-vulnerability-in-python-urllib3/
来源:www.ibm.com
链接:https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-the-python-python-cryptography-and-urllib3-affect-ibm-spectrum-discover/
来源:vigilance.fr
链接:https://vigilance.fr/vulnerability/Python-urllib3-Man-in-the-Middle-via-HTTPS-Proxy-Connection-35509
来源:www.cybersecurity-help.cz
链接:https://www.cybersecurity-help.cz/vdb/SB2021071501
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/163514/Gentoo-Linux-Security-Advisory-202107-36.html
受影响实体
暂无
补丁
- urllib3 信任管理问题漏洞的修复措施<!--2021-3-15-->
还没有评论,来说两句吧...