Access Control Bypass Affecting urllib3-future package, versions [,2.4.902)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-PYTHON-URLLIB3FUTURE-6332786
- published 29 Feb 2024
- disclosed 1 Feb 2024
- credit Unknown
How to fix?
Upgrade urllib3-future
to version 2.4.902 or higher.
Overview
urllib3-future is an urllib3.future is a powerful HTTP 1.1, 2, and 3 client with both sync and async interfaces
Affected versions of this package are vulnerable to Access Control Bypass due to using an insecure protocol.
References
CVSS Scores
version 3.1