QwikSec

Security Database

CVE

CWE

Training

CVE-2019-11324

Published: Apr 18, 2019

Modified: Aug 4, 2024

PUBLISHED

Description

The urllib3 library before 1.24.2 for Python mishandles certain cases where the desired set of CA certificates is different from the OS store of CA certificates, which results in SSL connections succeeding in situations where a verification failure is the correct outcome. This is related to use of the ssl_context, ca_certs, or ca_certs_dir argument.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/urllib3/urllib3/compare/a6ec68a...1efadf4

[oss-security] 20190418 Re: urllib3: adds system certificates to ssl_context

mailing-list

vendor-advisory

openSUSE-SU-2019:2131

vendor-advisory

openSUSE-SU-2019:2133

vendor-advisory

vendor-advisory

vendor-advisory

FEDORA-2020-6148c44137

vendor-advisory

FEDORA-2020-d0d9ad17d8

vendor-advisory

[debian-lts-announce] 20210615 [SECURITY] [DLA 2686-1] python-urllib3 security update

mailing-list

[debian-lts-announce] 20231008 [SECURITY] [DLA 3610-1] python-urllib3 security update

mailing-list

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.