Vulnerability in urllib3
CVE-2025-66471
urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.0 and prior to 2.6.0, the Streaming API improperly handles highly compressed data. urllib3's streaming API is designed for the efficient handling of large HTT…
EPSS: 0.000 (4.6th percentile)
Affected products
- urllib3 — versions >= 1.0, < 2.6.0
Weakness classification (CWE)
References
- https://github.com/urllib3/urllib3/security/advisories/GHSA-2xpw-w6gg-jr37 (x_refsource_CONFIRM)
- https://github.com/urllib3/urllib3/commit/c19571de34c47de3a766541b041637ba5f716ed7 (x_refsource_MISC)