cve 2025 66471
About this tag
CVE-2025-66471 is a denial-of-service vulnerability in the Python urllib3 HTTP library, affecting versions from 1.0 up to but not including 2.6.0. The flaw involves streaming decompression, where small, highly compressed responses can force clients to decompress massive amounts of data, consuming excessive CPU and memory. This can lead to denial-of-service conditions for applications that stream HTTP responses, particularly those accepting content from untrusted sources. A security fix is included in urllib3 v2.6.0 and subsequent releases. Windows users and administrators running Python applications that rely on urllib3 for HTTP streaming should update to the patched version immediately to mitigate this risk.
A newly disclosed vulnerability in the widely used Python HTTP library urllib3 can let small, highly compressed responses force clients to decompress massive amounts of data — consuming CPU and memory and causing denial-of-service conditions for applications that stream HTTP responses. The...