Vulnerability-Lookup

Vulnerability from cleanstart

Published

2026-06-08 14:58

Modified

2026-06-02 09:20

Summary

Security fixes for CVE-2024-35195, CVE-2024-47081, CVE-2025-8869, CVE-2026-1703, CVE-2026-25645, CVE-2026-3219, CVE-2026-44431, CVE-2026-44432, CVE-2026-45409, CVE-2026-48710, CVE-2026-6357, ghsa-58qw-9mgm-455v, ghsa-65pc-fj4g-8rjx, ghsa-jp4c-xjxw-mgf9, ghsa-mf9v-mfxr-j63j, ghsa-qccp-gfcp-xxvc applied in versions: 1.25.2-r0, 2.2.3-r0, 2.2.3-r1

Details

Multiple security vulnerabilities affect the k8s-sidecar package. These issues are resolved in later releases. See references for individual vulnerability details.

References

URL

Type

	https://github.com/cleanstart-dev/cleanstart-secu…	ADVISORY
	https://osv.dev/vulnerability/CVE-2024-35195	WEB
	https://osv.dev/vulnerability/CVE-2024-47081	WEB
	https://osv.dev/vulnerability/CVE-2025-8869	WEB
	https://osv.dev/vulnerability/CVE-2026-1703	WEB
	https://osv.dev/vulnerability/CVE-2026-25645	WEB
	https://osv.dev/vulnerability/CVE-2026-3219	WEB
	https://osv.dev/vulnerability/CVE-2026-44431	WEB
	https://osv.dev/vulnerability/CVE-2026-44432	WEB
	https://osv.dev/vulnerability/CVE-2026-45409	WEB
	https://osv.dev/vulnerability/CVE-2026-48710	WEB
	https://osv.dev/vulnerability/CVE-2026-6357	WEB
	https://osv.dev/vulnerability/ghsa-58qw-9mgm-455v	WEB
	https://osv.dev/vulnerability/ghsa-65pc-fj4g-8rjx	WEB
	https://osv.dev/vulnerability/ghsa-jp4c-xjxw-mgf9	WEB
	https://osv.dev/vulnerability/ghsa-mf9v-mfxr-j63j	WEB
	https://osv.dev/vulnerability/ghsa-qccp-gfcp-xxvc	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2024-35195	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2024-47081	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-8869	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-1703	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-25645	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-3219	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-44431	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-44432	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-45409	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-48710	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-6357	WEB

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "CleanStart",
        "name": "k8s-sidecar"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.2.3-r1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "credits": [],
  "database_specific": {},
  "details": "Multiple security vulnerabilities affect the k8s-sidecar package. These issues are resolved in later releases. See references for individual vulnerability details.",
  "id": "CLEANSTART-2026-NN42198",
  "modified": "2026-06-02T09:20:45Z",
  "published": "2026-06-08T14:58:02.453463Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-NN42198.json"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2024-35195"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2024-47081"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-8869"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-1703"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-25645"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-3219"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-44431"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-44432"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-45409"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-48710"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-6357"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-58qw-9mgm-455v"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-65pc-fj4g-8rjx"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-jp4c-xjxw-mgf9"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-mf9v-mfxr-j63j"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-qccp-gfcp-xxvc"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-35195"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47081"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8869"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1703"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25645"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3219"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44431"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44432"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45409"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48710"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6357"
    }
  ],
  "related": [],
  "schema_version": "1.7.3",
  "summary": "Security fixes for CVE-2024-35195, CVE-2024-47081, CVE-2025-8869, CVE-2026-1703, CVE-2026-25645, CVE-2026-3219, CVE-2026-44431, CVE-2026-44432, CVE-2026-45409, CVE-2026-48710, CVE-2026-6357, ghsa-58qw-9mgm-455v, ghsa-65pc-fj4g-8rjx, ghsa-jp4c-xjxw-mgf9, ghsa-mf9v-mfxr-j63j, ghsa-qccp-gfcp-xxvc applied in versions: 1.25.2-r0, 2.2.3-r0, 2.2.3-r1",
  "upstream": [
    "CVE-2024-35195",
    "CVE-2024-47081",
    "CVE-2025-8869",
    "CVE-2026-1703",
    "CVE-2026-25645",
    "CVE-2026-3219",
    "CVE-2026-44431",
    "CVE-2026-44432",
    "CVE-2026-45409",
    "CVE-2026-48710",
    "CVE-2026-6357",
    "ghsa-58qw-9mgm-455v",
    "ghsa-65pc-fj4g-8rjx",
    "ghsa-jp4c-xjxw-mgf9",
    "ghsa-mf9v-mfxr-j63j",
    "ghsa-qccp-gfcp-xxvc"
  ]
}

CVE-2026-6357 (GCVE-0-2026-6357)

Vulnerability from cvelistv5 – Published: 2026-04-27 14:19 – Updated: 2026-04-27 22:17

Title

pip self-update functionality can import newly installed modules after wheel installation

Summary

pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python modules names. These module imports were intentionally deferred to increase startup time of the pip CLI. The patch changes self-update functionality to run before wheels are installed to prevent newly-installed modules from being imported shortly after the installation of a wheel package. Users should still review package contents prior to installation.

Severity

5.3 (Medium)


                        
                          CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-829 - Inclusion of Functionality from Untrusted Control Sphere

Assigner

PSF

References

3 references

URL	Tags
https://github.com/pypa/pip/pull/13923	patch
https://ichard26.github.io/blog/2026/04/whats-new…	vendor-advisory
http://www.openwall.com/lists/oss-security/2026/04/27/7

Impacted products

1 product

Vendor	Product	Version
Pip maintainers	pip	Affected: 0 , < 26.1 (python)

Credits

Damian Shaw Damian Shaw Richard Si Seth Larson

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-6357",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-27T16:08:15.074450Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-829",
                "description": "CWE-829 Inclusion of Functionality from Untrusted Control Sphere",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-27T16:08:47.582Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2026-04-27T22:17:49.582Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/04/27/7"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://pypi.org/project/pip",
          "defaultStatus": "unaffected",
          "packageName": "pip",
          "product": "pip",
          "repo": "https://github.com/pypa/pip",
          "vendor": "Pip maintainers",
          "versions": [
            {
              "lessThan": "26.1",
              "status": "affected",
              "version": "0",
              "versionType": "python"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Damian Shaw"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Damian Shaw"
        },
        {
          "lang": "en",
          "type": "remediation reviewer",
          "value": "Richard Si"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "Seth Larson"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python modules names. These module imports were intentionally deferred to increase startup time of the pip CLI. The patch changes self-update functionality to run before wheels are installed to prevent newly-installed modules from being imported shortly after the installation of a wheel package. Users should still review package contents prior to installation."
            }
          ],
          "value": "pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python modules names. These module imports were intentionally deferred to increase startup time of the pip CLI. The patch changes self-update functionality to run before wheels are installed to prevent newly-installed modules from being imported shortly after the installation of a wheel package. Users should still review package contents prior to installation."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "LOCAL",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "HIGH",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "ACTIVE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-27T14:19:47.657Z",
        "orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
        "shortName": "PSF"
      },
      "references": [
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/pypa/pip/pull/13923"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://ichard26.github.io/blog/2026/04/whats-new-in-pip-26.1/#security-fixes"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "pip self-update functionality can import newly installed modules after wheel installation",
      "x_generator": {
        "engine": "Vulnogram 0.6.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
    "assignerShortName": "PSF",
    "cveId": "CVE-2026-6357",
    "datePublished": "2026-04-27T14:19:47.657Z",
    "dateReserved": "2026-04-15T13:55:02.734Z",
    "dateUpdated": "2026-04-27T22:17:49.582Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

GHSA-58QW-9MGM-455V

Vulnerability from github – Published: 2026-04-20 18:31 – Updated: 2026-05-20 20:54

Summary

pip has an interpretation conflict due to handling both concatenated tar and ZIP files as ZIP files

Details

pip handles concatenated tar and ZIP files as ZIP files regardless of filename or whether a file is both a tar and ZIP file. This behavior could result in confusing installation behavior, such as installing "incorrect" files according to the filename of the archive. New behavior only proceeds with installation if the file identifies uniquely as a ZIP or tar archive, not as both.

Severity

4.6 (Medium)


                  
                    CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 26.0.1"
      },
      "package": {
        "ecosystem": "PyPI",
        "name": "pip"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "26.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-3219"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-434"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-04-24T15:48:17Z",
    "nvd_published_at": "2026-04-20T16:16:45Z",
    "severity": "MODERATE"
  },
  "details": "pip handles concatenated tar and ZIP files as ZIP files regardless of filename or whether a file is both a tar and ZIP file. This behavior could result in confusing installation behavior, such as installing \"incorrect\" files according to the filename of the archive. New behavior only proceeds with installation if the file identifies uniquely as a ZIP or tar archive, not as both.",
  "id": "GHSA-58qw-9mgm-455v",
  "modified": "2026-05-20T20:54:23Z",
  "published": "2026-04-20T18:31:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3219"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/pip/issues/13867"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/pip/pull/13870"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/pypa/pip"
    },
    {
      "type": "WEB",
      "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/QAJ5JIVWWCAJ4EZL2FP5MOOW35JS7LRJ"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2026/04/20/8"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "pip has an interpretation conflict due to handling both concatenated tar and ZIP files as ZIP files"
}

GHSA-65PC-FJ4G-8RJX

Vulnerability from github – Published: 2026-05-19 14:34 – Updated: 2026-06-09 11:57

Summary

Internationalized Domain Names in Applications (IDNA): Specially crafted inputs to idna.encode() can bypass CVE-2024-3651 fix

Details

This is the same issue as CVE-2024-3651, however the original remediation in 2024 was not a complete fix. Payloads such as "\u0660" * N or "\u30fb" * N + "\u6f22" utilize the valid_contexto function prior to length rejection, and for high values of N will take a long time to process.

Impact

A specially crafted argument to the idna.encode() function could consume significant resources. This may lead to a denial-of-service.

Patches

Starting in version 3.14, the function rejects long inputs as soon as practicable prior to any further processing to minimize resource consumption. In version 3.15, this approach was extended to lesser used alternate functions (i.e. per-label conversions and codec support).

Workarounds

Domain names cannot exceed 253 characters in length, if this length limit is enforced prior to passing the domain to the idna.encode() function it should no longer consume significant resources. This is triggered by arbitrarily large inputs that would not occur in normal usage, but may be passed to the library assuming there is no preliminary input validation by the higher-level application.

Severity

6.9 (Medium)


                  
                    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "idna"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.15"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-45409"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1333"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-05-19T14:34:32Z",
    "nvd_published_at": "2026-06-05T23:16:43Z",
    "severity": "MODERATE"
  },
  "details": "This is the same issue as CVE-2024-3651, however the original remediation in 2024 was not a complete fix. Payloads such as `\"\\u0660\" * N` or `\"\\u30fb\" * N + \"\\u6f22\"` utilize the `valid_contexto` function prior to length rejection, and for high values of `N` will take a long time to process.\n\n### Impact\nA specially crafted argument to the `idna.encode()` function could consume significant resources. This may lead to a denial-of-service.\n\n### Patches\nStarting in version 3.14, the function rejects long inputs as soon as practicable prior to any further processing to minimize resource consumption. In version 3.15, this approach was extended to lesser used alternate functions (i.e. per-label conversions and codec support).\n\n### Workarounds\nDomain names cannot exceed 253 characters in length, if this length limit is enforced prior to passing the domain to the `idna.encode()` function it should no longer consume significant resources. This is triggered by arbitrarily large inputs that would not occur in normal usage, but may be passed to the library assuming there is no preliminary input validation by the higher-level application.",
  "id": "GHSA-65pc-fj4g-8rjx",
  "modified": "2026-06-09T11:57:15Z",
  "published": "2026-05-19T14:34:32Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/kjd/idna/security/advisories/GHSA-65pc-fj4g-8rjx"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45409"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/kjd/idna"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Internationalized Domain Names in Applications (IDNA): Specially crafted inputs to idna.encode() can bypass CVE-2024-3651 fix"
}

GHSA-JP4C-XJXW-MGF9

Vulnerability from github – Published: 2026-04-27 15:30 – Updated: 2026-05-05 22:05

Summary

pip Vulnerable to Inclusion of Functionality from Untrusted Control Sphere

Details

Severity

5.3 (Medium)


                  
                    CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "pip"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "26.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-6357"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-829"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-05-05T22:05:46Z",
    "nvd_published_at": "2026-04-27T15:16:20Z",
    "severity": "MODERATE"
  },
  "details": "pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python modules names. These module imports were intentionally deferred to increase startup time of the pip CLI. The patch changes self-update functionality to run before wheels are installed to prevent newly-installed modules from being imported shortly after the installation of a wheel package. Users should still review package contents prior to installation.",
  "id": "GHSA-jp4c-xjxw-mgf9",
  "modified": "2026-05-05T22:05:46Z",
  "published": "2026-04-27T15:30:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6357"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/pip/pull/13923"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/pip/commit/b369bfc96cc524e00c267e1693290e6599c36bad"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/pypa/pip"
    },
    {
      "type": "WEB",
      "url": "https://ichard26.github.io/blog/2026/04/whats-new-in-pip-26.1/#security-fixes"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2026/04/27/7"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "pip Vulnerable to Inclusion of Functionality from Untrusted Control Sphere"
}

GHSA-MF9V-MFXR-J63J

Vulnerability from github – Published: 2026-05-11 14:51 – Updated: 2026-06-08 19:52

Summary

urllib3: Decompression-bomb safeguards bypassed in parts of the streaming API

Details

Impact

urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once.

urllib3 can perform decompression based on the HTTP Content-Encoding header (e.g., gzip, deflate, br, or zstd). When using the streaming API since version 2.6.0, the library decompresses only the necessary bytes, enabling partial content consumption.

However, urllib3 before version 2.7.0 could still decompress the whole response instead of the requested portion in two cases: 1. During the second HTTPResponse.read(amt=N) call when the response was decompressed using the official Brotli library. 2. When HTTPResponse.drain_conn() was called after the response had been read and decompressed partially (compression algorithm did not matter here).

These issues could cause urllib3 to fully decode a small amount of highly compressed data in a single operation. This could result in excessive resource consumption (high CPU usage and massive memory allocation for the decompressed data; CWE-409) on the client side.

Affected usages

Applications and libraries using urllib3 versions earlier than 2.7.0 may be affected when streaming compressed responses from untrusted sources in either of these cases, unless decompression is explicitly disabled:

A response encoded with br is read incrementally with at least two HTTPResponse.read(amt=N) or HTTPResponse.stream(amt=N) calls while using the official Brotli library.
HTTPResponse.drain_conn() is called after response decompression has already started.

Remediation

Upgrade to at least urllib3 version 2.7.0 in which the library: 1. Is more efficient for reads with Brotli. 2. Always skips decompression for HTTPResponse.drain_conn().

If upgrading is not immediately possible, the following workarounds may reduce exposure in specific cases: 1. For the Brotli-specific issue only, switch from brotli to brotlicffi until you can upgrade urllib3; the official Brotli package is affected because of https://github.com/google/brotli/issues/1396. 2. If your code explicitly calls HTTPResponse.drain_conn(), call HTTPResponse.close() instead when connection reuse is not important.

Credits

The Brotli-specific issue was reported by @kimkou2024. HTTPResponse.drain_conn() inefficiency was reported by @Cycloctane.

Severity

7.5 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

8.9 (High)


                  
                    CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "urllib3"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.6.0"
            },
            {
              "fixed": "2.7.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-44432"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-409"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-05-11T14:51:45Z",
    "nvd_published_at": "2026-05-13T16:16:57Z",
    "severity": "HIGH"
  },
  "details": "### Impact\n\nurllib3\u0027s [streaming API](https://urllib3.readthedocs.io/en/2.7.0/advanced-usage.html#streaming-and-i-o) is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once.\n\nurllib3 can perform decompression based on the HTTP `Content-Encoding` header (e.g., `gzip`, `deflate`, `br`, or `zstd`). When using the streaming API since version 2.6.0, the library decompresses only the necessary bytes, enabling partial content consumption.\n\nHowever, urllib3 before version 2.7.0 could still decompress the whole response instead of the requested portion in two cases:\n1. During the second `HTTPResponse.read(amt=N)` call when the response was decompressed using the official [Brotli](https://pypi.org/project/brotli/) library.\n2. When `HTTPResponse.drain_conn()` was called after the response had been read and decompressed partially (compression algorithm did not matter here).\n\nThese issues could cause urllib3 to fully decode a small amount of highly compressed data in a single operation. This could result in excessive resource consumption (high CPU usage and massive memory allocation for the decompressed data; CWE-409) on the client side.\n\n\n### Affected usages\n\nApplications and libraries using urllib3 versions earlier than 2.7.0 may be affected when streaming compressed responses from untrusted sources in either of these cases, unless decompression is explicitly disabled:\n\n1. A response encoded with `br` is read incrementally with at least two `HTTPResponse.read(amt=N)` or `HTTPResponse.stream(amt=N)` calls while using the official [Brotli](https://pypi.org/project/brotli/) library.\n2. `HTTPResponse.drain_conn()` is called after response decompression has already started.\n\n\n### Remediation\n\nUpgrade to at least urllib3 version 2.7.0 in which the library:\n1. Is more efficient for reads with Brotli.\n2. Always skips decompression for `HTTPResponse.drain_conn()`.\n\nIf upgrading is not immediately possible, the following workarounds may reduce exposure in specific cases:\n1. For the Brotli-specific issue only, switch from [brotli](https://pypi.org/project/brotli/) to [brotlicffi](https://pypi.org/project/brotlicffi/) until you can upgrade urllib3; the official Brotli package is affected because of https://github.com/google/brotli/issues/1396.\n2. If your code explicitly calls `HTTPResponse.drain_conn()`, call `HTTPResponse.close()` instead when connection reuse is not important.\n\n\n### Credits\n\nThe Brotli-specific issue was reported by @kimkou2024.\n`HTTPResponse.drain_conn()` inefficiency was reported by @Cycloctane.",
  "id": "GHSA-mf9v-mfxr-j63j",
  "modified": "2026-06-08T19:52:23Z",
  "published": "2026-05-11T14:51:45Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44432"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/urllib3/PYSEC-2026-142.yaml"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/urllib3/urllib3"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H",
      "type": "CVSS_V4"
    }
  ],
  "summary": "urllib3: Decompression-bomb safeguards bypassed in parts of the streaming API"
}

GHSA-QCCP-GFCP-XXVC

Vulnerability from github – Published: 2026-05-11 14:51 – Updated: 2026-05-14 20:35

Summary

urllib3: Sensitive headers forwarded across origins in proxied low-level redirects

Details

Impact

When following cross-origin redirects for requests made using urllib3’s high-level APIs, such as urllib3.request(), PoolManager.request(), and ProxyManager.request(), sensitive headers — Authorization, Cookie, and Proxy-Authorization (defined in Retry.DEFAULT_REMOVE_HEADERS_ON_REDIRECT) — are stripped by default, as expected.

However, cross-origin redirects followed from the low-level API via ProxyManager.connection_from_url().urlopen(..., assert_same_host=False) still forward these sensitive headers.

Affected usage

Applications and libraries using urllib3 versions earlier than 2.7.0 may be affected if they allow cross-origin redirects while making requests through HTTPConnection.urlopen() instances created via ProxyManager.connection_from_url().

Remediation

Upgrade to urllib3 version 2.7.0 or later, in which sensitive headers are stripped from redirects followed by HTTPConnection.

If upgrading is not immediately possible, avoid using this low-level redirect flow for cross-origin redirects. If appropriate for your use case, switch to ProxyManager.request().

Severity

5.3 (Medium)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

8.2 (High)


                  
                    CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "urllib3"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.23"
            },
            {
              "fixed": "2.7.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-44431"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-05-11T14:51:20Z",
    "nvd_published_at": "2026-05-13T16:16:57Z",
    "severity": "HIGH"
  },
  "details": "### Impact\n\nWhen following cross-origin redirects for requests made using urllib3\u2019s high-level APIs, such as `urllib3.request()`, `PoolManager.request()`, and `ProxyManager.request()`, sensitive headers \u2014 `Authorization`, `Cookie`, and `Proxy-Authorization` (defined in `Retry.DEFAULT_REMOVE_HEADERS_ON_REDIRECT`) \u2014 are stripped by default, as expected.\n\nHowever, cross-origin redirects followed from the low-level API via `ProxyManager.connection_from_url().urlopen(..., assert_same_host=False)` still forward these sensitive headers.\n\n### Affected usage\n\nApplications and libraries using urllib3 versions earlier than 2.7.0 may be affected if they allow cross-origin redirects while making requests through `HTTPConnection.urlopen()` instances created via `ProxyManager.connection_from_url()`.\n\n### Remediation\n\nUpgrade to urllib3 version 2.7.0 or later, in which sensitive headers are stripped from redirects followed by `HTTPConnection`.\n\nIf upgrading is not immediately possible, avoid using this low-level redirect flow for cross-origin redirects. If appropriate for your use case, switch to `ProxyManager.request()`.",
  "id": "GHSA-qccp-gfcp-xxvc",
  "modified": "2026-05-14T20:35:49Z",
  "published": "2026-05-11T14:51:20Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44431"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/urllib3/urllib3"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "urllib3: Sensitive headers forwarded across origins in proxied low-level redirects"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

Vulnerability from cleanstart

CVE-2026-6357 (GCVE-0-2026-6357)

GHSA-58QW-9MGM-455V

GHSA-65PC-FJ4G-8RJX

Impact

Patches

Workarounds

GHSA-JP4C-XJXW-MGF9

GHSA-MF9V-MFXR-J63J

Impact

Affected usages

Remediation

Credits

GHSA-QCCP-GFCP-XXVC

Impact

Affected usage

Remediation

Tags

Sightings

Nomenclature