ALAS2-2021-1667

Related Vulnerabilities: CVE-2021-28363  

Amazon Linux 2 Security Advisory: ALAS-2021-1667
Advisory Release Date: 2021-06-16 20:37 Pacific
Advisory Updated Date: 2021-06-22 22:40 Pacific
Severity: Medium
References: CVE-2021-28363 

Issue Overview:

The urllib3 library 1.26.x before 1.26.4 for Python omits part of SSL certificate validation in some cases involving HTTPS-to-HTTPS proxies. The initial TLS connection to the HTTPS proxy (when no SSLContext is supplied via proxy_config) verifies the certificate chain but does not verify that the certificate's hostname matches the proxy's hostname. A certificate issued for a different server that still chains to a trusted CA under the default urllib3 SSLContext is therefore silently accepted, so an on-path attacker holding any valid certificate can impersonate the proxy. (CVE-2021-28363)
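The following Python triage script is an added example and is not part of this advisory or of the urllib3 project. It finds the copies of urllib3 a given interpreter can see (the stand-alone package and the copy pip vendors under pip._vendor, which is why Amazon Linux 2 ships the fix in python-pip), reports whether each falls in the affected 1.26.0 to 1.26.3 range, and builds the explicit SSLContext that closes the gap on an unpatched version when passed as the proxy_ssl_context keyword of urllib3.ProxyManager (the public argument that populates the proxy_config object named in the CVE text). The helper names (parse_version, is_affected, find_urllib3_copies, hardened_proxy_ssl_context, context_is_hardened, triage) are hypothetical.

```python
"""Triage helper for CVE-2021-28363 (urllib3 1.26.0-1.26.3, HTTPS proxy hostname check).

Added example, not part of the advisory or of urllib3. Helper names are
hypothetical. It inspects the urllib3 copies visible to this interpreter,
decides whether each is in the affected range, and builds the explicit
SSLContext that enforces hostname verification on the proxy leg.
"""
import importlib
import re
import ssl

# Affected range from the advisory: 1.26.x before 1.26.4.
AFFECTED_FROM = (1, 26, 0)
FIXED_IN = (1, 26, 4)

# Import paths to inspect: the stand-alone package and pip's vendored copy
# (Amazon Linux 2 ships the fix in python-pip because pip bundles urllib3).
CANDIDATES = ("urllib3", "pip._vendor.urllib3")

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?")


def parse_version(text):
    """Return (major, minor, patch) from a version string, ignoring suffixes
    such as 'rc1' or '.post1'. Raises ValueError on unparsable input."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError("unrecognised version string: %r" % text)
    major, minor, patch = m.groups()
    return int(major), int(minor), int(patch or 0)


def is_affected(version_text):
    """True when the version satisfies 1.26.0 <= v < 1.26.4."""
    v = parse_version(version_text)
    return AFFECTED_FROM <= v < FIXED_IN


def find_urllib3_copies():
    """Map each candidate import path to its __version__, or None if absent."""
    found = {}
    for name in CANDIDATES:
        try:
            mod = importlib.import_module(name)
            found[name] = getattr(mod, "__version__", None)
        except Exception:  # module missing, or pip built without vendored libs
            found[name] = None
    return found


def hardened_proxy_ssl_context(cafile=None):
    """SSLContext for the proxy connection that verifies the chain AND the
    hostname. Pass it as ProxyManager(proxy_url, proxy_ssl_context=...) on
    urllib3 1.26+ so the proxy leg never falls back to the vulnerable default."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.check_hostname = True          # the check the affected default omitted
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def context_is_hardened(ctx):
    """True when a context enforces both chain and hostname verification."""
    return bool(ctx.check_hostname) and ctx.verify_mode == ssl.CERT_REQUIRED


def triage():
    """Return (import_path, version, affected) tuples; affected is None when
    the version string could not be parsed."""
    rows = []
    for name, version in find_urllib3_copies().items():
        try:
            affected = is_affected(version) if version else False
        except ValueError:
            affected = None
        rows.append((name, version, affected))
    return rows


if __name__ == "__main__":
    for name, version, affected in triage():
        if affected is None:
            state = "unknown version"
        elif affected:
            state = "AFFECTED"
        else:
            state = "not affected" if version else "not installed"
        print("%-22s %-10s %s" % (name, version or "-", state))
```

Run it with each interpreter on the host (python2 and python3 on Amazon Linux 2 each carry their own pip), and compare the result with `rpm -q python2-pip python3-pip`: a patched system reports the 20.2.2-1.amzn2.0.3 builds listed below. A vendored copy still in the affected range is only a problem for code that actually uses pip's urllib3 to talk through an HTTPS proxy; application code importing urllib3 directly needs that package upgraded to 1.26.4 or later, or must supply the hardened context on the ProxyManager until it is.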


Affected Packages:

python-pip


Issue Correction:
Run yum update python-pip to update your system. This update patches the copy of urllib3 that pip bundles (pip._vendor.urllib3); any other urllib3 on the system, such as one installed with pip into a virtualenv or a site-packages directory, is not covered by this advisory and must be upgraded to 1.26.4 or later separately.

New Packages:
noarch:
    python2-pip-20.2.2-1.amzn2.0.3.noarch
    python3-pip-20.2.2-1.amzn2.0.3.noarch
    python-pip-wheel-20.2.2-1.amzn2.0.3.noarch

src:
    python-pip-20.2.2-1.amzn2.0.3.src