Preface: An IT ecosystem is “the network of organizations that drives the creation and delivery of information technology products and services.”
About urllib3: Much of the Python ecosystem already uses urllib3. It brings additional features that are missing from the Python standard libraries, for instance client-side SSL/TLS verification, and helpers for retrying requests and dealing with HTTP redirects, …
Vulnerability details: A vulnerability in urllib3 could allow an unauthenticated, remote attacker to bypass security restrictions on a targeted system.
Findings: The vulnerability exists because the affected software mishandles CA certificates in cases related to the use of the ssl_context, ca_certs, or ca_certs_dir parameters.
Remedy: Software updates are available at the following link: https://github.com/urllib3/urllib3/releases