Security Bulletin: IBM Cloud Pak for Data System (CPDS 1.0) is affected by multiple vulnerabilities due to urllib3
Details
CVSS v3
7.5
CVSS v4
8.9
NVD published
2025-12-05 16:15:51
EPSS
<0.1% probability · 8.0th percentile — 2026-03-31
Affected versions
cpe:2.3:a:python:urllib3:*:*:*:*:*:*:*:*
Summary
urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the decompression chain was unbounded allowing a malicious server to insert a virtually unlimited number of compression steps leading to high CPU usage and massive memory allocation for the decompressed data. This vulnerability is fixed in 2.6.0.
TopVuln sends digest emails with high-risk CVE picks across multiple authoritative sources—curated with EPSS and AI. Choose daily per-stream emails and optional weekly or monthly roundups.