python urllib3 CVE-2021-33503 vulnerability in Python and Other Products
Published on June 29, 2021

product logo product logo product logo
An issue was discovered in urllib3 before 1.26.5. When provided with a URL containing many @ characters in the authority component, the authority regular expression exhibits catastrophic backtracking, causing a denial of service if a URL were passed as a parameter or redirected to via an HTTP redirect.

Github Repository Vendor Advisory Vendor Advisory Vendor Advisory NVD


Products Associated with CVE-2021-33503

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2021-33503 are published in these products:

Python Urllib3
 
Fedora Project Fedora
 
Oracle Enterprise Manager Ops Center
 
Oracle Instantis Enterprisetrack
 
Oracle Zfs Storage Appliance Kit
 

Vulnerable Packages

The following package name and versions may be associated with CVE-2021-33503

Package Manager Vulnerable Package Versions Fixed In
pip urllib3 < 1.26.5 1.26.5

Exploit Probability

EPSS
0.86%
Percentile
74.74%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.