WhisperX tag archive

#urllib3

This page collects WhisperX intelligence signals tagged #urllib3. It is designed for humans, search engines, and AI agents: each item links to a canonical source-backed record with sector, source, timestamp, credibility, and exportable structured data.

Latest Signals (3)

The Lab · 2026-04-28 18:54:09 · GitHub Issues

1. urllib3 Security Flaw Bypasses Redirect Protections Despite Disabled Retries

A critical vulnerability in urllib3, a widely used HTTP client library for Python, allows redirect requests to proceed even when application developers explicitly disable retry mechanisms. The flaw, tracked as CVE-2025-50181 and catalogued as GHSA-pq67-6m6q-mj2v, stems from how urllib3 consolidates redirect and retry h...

The Lab · 2026-05-12 17:48:29 · GitHub Issues

2. CVE-2026-44432: urllib3 Streaming API Flaws Allow Decompression-Bomb Attacks Against Python Clients

A pair of high-severity decompression-bomb vulnerabilities have been identified in urllib3 versions 2.6.0 through 2.6.x (prior to 2.7.0), exposing applications that rely on the library's streaming API to resource-exhaustion attacks. Tracked as CVE-2026-44432 with a CVSS v4.0 score of 8.9, the flaws allow a malicious se...

The Lab · 2026-05-12 17:48:30 · GitHub Issues

3. urllib3 CVE-2026-44431: Low-Level API Flaw Allows Sensitive Header Leakage Across Origins

A critical vulnerability in urllib3 versions prior to 2.7.0 enables unauthorized exfiltration of sensitive authentication headers during cross-origin redirects. The flaw specifically targets the low-level `ProxyManager.connection_from_url().urlopen(..., assert_same_host=False)` API pathway, which unlike its high-level ...