Much of the Python ecosystem already uses urllib3, but it is no exception: a vulnerability has been found! CVE-2019-11324 – 23rd Apr 2019.

Preface: An IT ecosystem is “the network of organizations that drives the creation and delivery of information technology products and services.”

About urllib3: Much of the Python ecosystem already uses urllib3. It brings additional features that are missing from the Python standard libraries, for instance client-side SSL/TLS verification, helpers for retrying requests and dealing with HTTP redirects, …

Vulnerability details: A vulnerability in urllib3 could allow an unauthenticated, remote attacker to bypass security restrictions on a targeted system.

Findings: The vulnerability exists because the affected software mishandles CA certificates that are related to the use of the ssl_context, ca_certs, or ca_certs_dir parameters.

Remedy: Software updates are available at the following link: https://github.com/urllib3/urllib3/releases