{"dataType": "CVE_RECORD", "containers": {"adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "Unknown", "content": {"data": "{\"description\":\"Moderate\"}"}}}], "affected": [{"vendor": "redhat", "product": "python3-pip", "platforms": ["cpe:/o:redhat:enterprise_linux:10"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "python3-pip-wheel", "platforms": ["cpe:/o:redhat:enterprise_linux:10"], "defaultStatus": "affected"}], "references": [{"url": "https://access.redhat.com/security/cve/CVE-2025-50182"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2373800"}, {"url": "https://github.com/urllib3/urllib3/commit/7eb4a2aafe49a279c29b6d1f0ed0f42e9736194f"}, {"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-48p4-8xcf-vxj5"}, {"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-50182"}, {"url": "https://www.cve.org/CVERecord?id=CVE-2025-50182"}], "descriptions": [{"lang": "en", "value": "A flaw was found in urllib3. The library fails to properly validate redirect URLs, allowing an attacker to manipulate redirect chains when used in environments like Pyodide utilizing the JavaScript Fetch API. This lack of validation can enable a remote attacker to control the redirect destination, leading to arbitrary URL redirection. Consequently, an attacker can redirect users to malicious websites. This \nvulnerability stems from a failure to constrain the redirect target."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2025-06-19T01:42:44Z", "x_subShortName": "redhat_10"}}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "Unknown", "content": {"data": "{\"description\":\"Moderate\"}"}}}], "affected": [{"vendor": "redhat", "product": "python-pip", "platforms": ["cpe:/o:redhat:enterprise_linux:7"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "python-s3transfer", "platforms": ["cpe:/o:redhat:enterprise_linux:7"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "python3-pip", "platforms": ["cpe:/o:redhat:enterprise_linux:7"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "resource-agents", "platforms": ["cpe:/o:redhat:enterprise_linux:7"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "resource-agents-aliyun", "platforms": ["cpe:/o:redhat:enterprise_linux:7"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "resource-agents-gcp", "platforms": ["cpe:/o:redhat:enterprise_linux:7"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "resource-agents-sap", "platforms": ["cpe:/o:redhat:enterprise_linux:7"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "resource-agents-sap-hana", "platforms": ["cpe:/o:redhat:enterprise_linux:7"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "resource-agents-sap-hana-scaleout", "platforms": ["cpe:/o:redhat:enterprise_linux:7"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "sap-cluster-connector", "platforms": ["cpe:/o:redhat:enterprise_linux:7"], "defaultStatus": "affected"}], "references": [{"url": "https://access.redhat.com/security/cve/CVE-2025-50182"}], "descriptions": [{"lang": "en", "value": "A flaw was found in urllib3. The library fails to properly validate redirect URLs, allowing an attacker to manipulate redirect chains when used in environments like Pyodide utilizing the JavaScript Fetch API. This lack of validation can enable a remote attacker to control the redirect destination, leading to arbitrary URL redirection. Consequently, an attacker can redirect users to malicious websites. This \nvulnerability stems from a failure to constrain the redirect target. \n            The vulnerability lies in the urllib3 library's inability to control HTTP redirects when executed within a Pyodide runtime. This can lead to Server-Side Request Forgery (SSRF) attacks, where an attacker can induce the application to make requests to unintended internal or external resources. While urllib3 is a ubiquitous library in the Python ecosystem and is present in many Red Hat products, the vulnerability is specific to its use within the less common Pyodide (Python in a browser) environment. The attack complexity is high as it requires a specific application context where user-supplied input is used to construct a request URL in a Pyodide-based application that also attempts to mitigate SSRF by disabling redirects. The impact is primarily on confidentiality, as a successful exploit could lead to the disclosure of sensitive information from the server's local network. Given the specific and less common configuration required for exploitation, the severity is rated as Moderate.\n            Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2025-06-19T01:42:00Z", "x_subShortName": "redhat_7"}}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "Unknown", "content": {"data": "{\"description\":\"Moderate\"}"}}}], "affected": [{"vendor": "redhat", "product": "fence-agents", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-aliyun", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-all", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-amt-ws", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-apc", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-apc-snmp", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-aws", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-azure-arm", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-bladecenter", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-brocade", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-cisco-mds", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-cisco-ucs", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-common", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-compute", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-drac5", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-eaton-snmp", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-emerson", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-eps", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-gce", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-heuristics-ping", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-hpblade", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-ibm-powervs", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-ibm-vpc", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-ibmblade", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-ifmib", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-ilo-moonshot", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-ilo-mp", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-ilo-ssh", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-ilo2", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-intelmodular", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-ipdu", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-ipmilan", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-kdump", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-kubevirt", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-lpar", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-mpath", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-openstack", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-redfish", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-rhevm", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-rsa", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-rsb", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-sbd", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-scsi", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-virsh", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-vmware-rest", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-vmware-soap", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-wti", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-zvm", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "platform-python-pip", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "python-pip", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "python3-pip", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "python3-pip-wheel", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "python3.11-pip", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "python3.11-pip-wheel", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "python3.12-pip", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "python3.12-pip-wheel", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "python38-pip", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "python38-pip-wheel", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "python39-pip", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "python39-pip-wheel", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "python3x-pip", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "unaffected"}], "references": [{"url": "https://access.redhat.com/security/cve/CVE-2025-50182"}], "descriptions": [{"lang": "en", "value": "A flaw was found in urllib3. The library fails to properly validate redirect URLs, allowing an attacker to manipulate redirect chains when used in environments like Pyodide utilizing the JavaScript Fetch API. This lack of validation can enable a remote attacker to control the redirect destination, leading to arbitrary URL redirection. Consequently, an attacker can redirect users to malicious websites. This \nvulnerability stems from a failure to constrain the redirect target. \n            The vulnerability lies in the urllib3 library's inability to control HTTP redirects when executed within a Pyodide runtime. This can lead to Server-Side Request Forgery (SSRF) attacks, where an attacker can induce the application to make requests to unintended internal or external resources. While urllib3 is a ubiquitous library in the Python ecosystem and is present in many Red Hat products, the vulnerability is specific to its use within the less common Pyodide (Python in a browser) environment. The attack complexity is high as it requires a specific application context where user-supplied input is used to construct a request URL in a Pyodide-based application that also attempts to mitigate SSRF by disabling redirects. The impact is primarily on confidentiality, as a successful exploit could lead to the disclosure of sensitive information from the server's local network. Given the specific and less common configuration required for exploitation, the severity is rated as Moderate.\n            Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, {"lang": "en", "value": "Red Hat's versions of the associated software have been determined to NOT be affected by CVE-2025-50182."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2025-06-19T01:42:00Z", "x_subShortName": "redhat_8"}}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "Unknown", "content": {"data": "{\"description\":\"Moderate\"}"}}}], "affected": [{"vendor": "redhat", "product": "fence-agents", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-aliyun", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-all", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-amt-ws", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-apc", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-apc-snmp", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-aws", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-azure-arm", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-bladecenter", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-brocade", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-cisco-mds", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-cisco-ucs", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-common", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-compute", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-drac5", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-eaton-snmp", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-emerson", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-eps", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-gce", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-heuristics-ping", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-hpblade", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-ibm-powervs", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-ibm-vpc", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-ibmblade", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-ifmib", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-ilo-moonshot", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-ilo-mp", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-ilo-ssh", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-ilo2", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-intelmodular", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-ipdu", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-ipmilan", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-kdump", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-kubevirt", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-lpar", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-mpath", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-openstack", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-redfish", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-rhevm", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-rsa", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-rsb", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-sbd", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-scsi", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-virsh", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-vmware-rest", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-vmware-soap", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-wti", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-zvm", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-virt", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-virtd", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-virtd-cpg", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-virtd-libvirt", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-virtd-multicast", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-virtd-serial", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-virtd-tcp", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "ha-cloud-support", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "python-pip", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "python3-pip", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "python3-pip-wheel", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "python3.11-pip", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "python3.11-pip-wheel", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "python3.12-pip", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "python3.12-pip-wheel", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "rhel9-6-els/rhel", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "rhel9-6-els/rhel-minimal", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "rhel9-eus/rhel-9.6-bootc", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "rhel9-eus/rhel-9.6-bootc-image-builder", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "rhel9/buildah", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "rhel9/cups", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "rhel9/fdo-manufacturing-server", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "rhel9/fdo-owner-onboarding-server", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "rhel9/fdo-rendezvous-server", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "rhel9/fdo-serviceinfo-api-server", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "rhel9/gcc-toolset-13-toolchain", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "rhel9/gcc-toolset-14-toolchain", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "rhel9/go-toolset", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "rhel9/grafana", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "rhel9/httpd-24", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "rhel9/keylime-registrar", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "rhel9/keylime-verifier", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "rhel9/mariadb-1011", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "rhel9/mariadb-105", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "rhel9/memcached", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "rhel9/mysql-80", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "rhel9/mysql-84", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "rhel9/net-snmp", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "rhel9/nginx-120", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "rhel9/nginx-122", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "rhel9/nginx-124", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "rhel9/nginx-126", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "rhel9/nodejs-18", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "rhel9/nodejs-18-minimal", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "rhel9/nodejs-20", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "rhel9/nodejs-20-minimal", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "rhel9/nodejs-22", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "rhel9/nodejs-22-minimal", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "rhel9/pcp", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "rhel9/perl-532", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "rhel9/php-80", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "rhel9/php-81", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "rhel9/php-82", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "rhel9/php-83", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "rhel9/podman", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "rhel9/postgresql-13", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "rhel9/postgresql-15", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "rhel9/postgresql-16", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "rhel9/python-311", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "rhel9/python-312", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "rhel9/python-312-minimal", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "rhel9/python-39", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "rhel9/realtime-tests", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "rhel9/redis-6", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "rhel9/redis-7", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "rhel9/rsyslog", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "rhel9/rteval", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "rhel9/rtla", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "rhel9/ruby-30", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "rhel9/ruby-31", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "rhel9/ruby-33", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "rhel9/s2i-base", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "rhel9/s2i-core", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "rhel9/skopeo", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "rhel9/squid", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "rhel9/support-tools", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "rhel9/tang", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "rhel9/toolbox", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "rhel9/varnish-6", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "ubi9", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "ubi9-init", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "ubi9-micro", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "ubi9-minimal", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "ubi9/buildah", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "ubi9/go-toolset", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "ubi9/httpd-24", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "ubi9/nginx-120", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "ubi9/nginx-122", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "ubi9/nginx-124", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "ubi9/nginx-126", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "ubi9/nodejs-18", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "ubi9/nodejs-18-minimal", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "ubi9/nodejs-20", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "ubi9/nodejs-20-minimal", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "ubi9/nodejs-22", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "ubi9/nodejs-22-minimal", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "ubi9/perl-532", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "ubi9/php-80", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "ubi9/php-81", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "ubi9/php-82", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "ubi9/php-83", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "ubi9/podman", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "ubi9/python-311", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "ubi9/python-312", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "ubi9/python-312-minimal", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "ubi9/python-39", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "ubi9/ruby-30", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "ubi9/ruby-31", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "ubi9/ruby-33", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "ubi9/s2i-base", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "ubi9/s2i-core", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "ubi9/skopeo", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "ubi9/toolbox", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "ubi9/ubi", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "ubi9/ubi-init", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "ubi9/ubi-micro", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "ubi9/ubi-minimal", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}], "references": [{"url": "https://access.redhat.com/security/cve/CVE-2025-50182"}], "descriptions": [{"lang": "en", "value": "A flaw was found in urllib3. The library fails to properly validate redirect URLs, allowing an attacker to manipulate redirect chains when used in environments like Pyodide utilizing the JavaScript Fetch API. This lack of validation can enable a remote attacker to control the redirect destination, leading to arbitrary URL redirection. Consequently, an attacker can redirect users to malicious websites. This \nvulnerability stems from a failure to constrain the redirect target. \n            The vulnerability lies in the urllib3 library's inability to control HTTP redirects when executed within a Pyodide runtime. This can lead to Server-Side Request Forgery (SSRF) attacks, where an attacker can induce the application to make requests to unintended internal or external resources. While urllib3 is a ubiquitous library in the Python ecosystem and is present in many Red Hat products, the vulnerability is specific to its use within the less common Pyodide (Python in a browser) environment. The attack complexity is high as it requires a specific application context where user-supplied input is used to construct a request URL in a Pyodide-based application that also attempts to mitigate SSRF by disabling redirects. The impact is primarily on confidentiality, as a successful exploit could lead to the disclosure of sensitive information from the server's local network. Given the specific and less common configuration required for exploitation, the severity is rated as Moderate.\n            Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, {"lang": "en", "value": "Red Hat's versions of the associated software have been determined to NOT be affected by CVE-2025-50182."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2025-06-19T01:42:00Z", "x_subShortName": "redhat_9"}}, {"metrics": [{"other": {"type": "Unknown", "content": {"data": "{\"description\":\"unimportant\"}"}}}], "affected": [{"vendor": "debian", "product": "python-urllib3", "platforms": ["bookworm", "bullseye"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "python3-urllib3", "versions": [{"status": "affected", "version": "0", "lessThan": "2.3.0-3", "versionType": "deb"}], "platforms": ["forky", "sid", "trixie"], "defaultStatus": "unaffected"}], "references": [{"url": "https://security-tracker.debian.org/tracker/CVE-2025-50182"}], "descriptions": [{"lang": "en", "value": "urllib3 is a user-friendly HTTP client library for Python. Starting in version 2.2.0 and prior to 2.5.0, urllib3 does not control redirects in browsers and Node.js. urllib3 supports being used in a Pyodide runtime utilizing the JavaScript Fetch API or falling back on XMLHttpRequest. This means Python libraries can be used to make HTTP requests from a browser or Node.js. Additionally, urllib3 provides a mechanism to control redirects, but the retries and redirect parameters are ignored with Pyodide; the runtime itself determines redirect behavior. This issue has been patched in version 2.5.0."}], "providerMetadata": {"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "shortName": "debian", "dateUpdated": "2025-06-19T01:42:44.921Z", "x_subShortName": "debian"}}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "Unknown", "content": {"data": "{\"description\":\"Moderate\"}"}}}], "affected": [{"vendor": "suse", "product": "python3-urllib3", "platforms": ["cpe:/o:suse:oes-release:23.4", "cpe:/o:suse:oes-release:24.4", "cpe:/o:suse:oes-release:25.4", "cpe:/o:suse:sle-module-basesystem:15:sp6", "cpe:/o:suse:sle-module-basesystem:15:sp7", "cpe:/o:suse:sle_hpc:15:sp6", "cpe:/o:suse:sle_hpc:15:sp7", "cpe:/o:suse:sled:15:sp6", "cpe:/o:suse:sled:15:sp7", "cpe:/o:suse:sles-ltss:15", "cpe:/o:suse:sles-ltss:15:sp1", "cpe:/o:suse:sles-ltss:15:sp2", "cpe:/o:suse:sles-ltss:15:sp3", "cpe:/o:suse:sles-ltss:15:sp4", "cpe:/o:suse:sles-ltss:15:sp5", "cpe:/o:suse:sles:15", "cpe:/o:suse:sles:15:sp1", "cpe:/o:suse:sles:15:sp2", "cpe:/o:suse:sles:15:sp3", "cpe:/o:suse:sles:15:sp4", "cpe:/o:suse:sles:15:sp5", "cpe:/o:suse:sles:15:sp6", "cpe:/o:suse:sles:15:sp7", "cpe:/o:suse:sles_sap:15:sp3", "cpe:/o:suse:sles_sap:15:sp4", "cpe:/o:suse:sles_sap:15:sp5", "cpe:/o:suse:sles_sap:15:sp6", "cpe:/o:suse:sles_sap:15:sp7"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "python311-urllib3", "platforms": ["cpe:/o:suse:oes-release:23.4", "cpe:/o:suse:oes-release:24.4", "cpe:/o:suse:oes-release:25.4", "cpe:/o:suse:sle-module-public-cloud:15:sp4", "cpe:/o:suse:sle-module-python3:15:sp6", "cpe:/o:suse:sle-module-python3:15:sp7", "cpe:/o:suse:sle_hpc:15:sp4", "cpe:/o:suse:sle_hpc:15:sp6", "cpe:/o:suse:sle_hpc:15:sp7", "cpe:/o:suse:sled:15:sp6", "cpe:/o:suse:sled:15:sp7", "cpe:/o:suse:sles-ltss:15:sp4", "cpe:/o:suse:sles-ltss:15:sp5", "cpe:/o:suse:sles:15:sp4", "cpe:/o:suse:sles:15:sp5", "cpe:/o:suse:sles:15:sp6", "cpe:/o:suse:sles:15:sp7", "cpe:/o:suse:sles_sap:15:sp4", "cpe:/o:suse:sles_sap:15:sp5", "cpe:/o:suse:sles_sap:15:sp6", "cpe:/o:suse:sles_sap:15:sp7", "cpe:/o:suse:suse-manager-proxy:4.3", "cpe:/o:suse:suse-manager-retail-branch-server:4.3"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "python2-urllib3", "platforms": ["cpe:/o:suse:sles-ltss:15", "cpe:/o:suse:sles-ltss:15:sp1", "cpe:/o:suse:sles-ltss:15:sp2", "cpe:/o:suse:sles:15", "cpe:/o:suse:sles:15:sp1", "cpe:/o:suse:sles:15:sp2"], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "SUSE bug 1244924"}], "references": [{"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50182", "name": "Mitre CVE-2025-50182"}, {"url": "https://www.suse.com/security/cve/CVE-2025-50182", "name": "SUSE CVE-2025-50182"}], "descriptions": [{"lang": "en", "value": "\n    urllib3 is a user-friendly HTTP client library for Python. Starting in version 2.2.0 and prior to 2.5.0, urllib3 does not control redirects in browsers and Node.js. urllib3 supports being used in a Pyodide runtime utilizing the JavaScript Fetch API or falling back on XMLHttpRequest. This means Python libraries can be used to make HTTP requests from a browser or Node.js. Additionally, urllib3 provides a mechanism to control redirects, but the retries and redirect parameters are ignored with Pyodide; the runtime itself determines redirect behavior. This issue has been patched in version 2.5.0.\n    "}], "providerMetadata": {"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb", "shortName": "suse", "dateUpdated": "2025-07-09T00:00:00Z", "x_subShortName": "suse_server_15"}}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "Unknown", "content": {"data": "{\"description\":\"Moderate\"}"}}}], "affected": [{"vendor": "suse", "product": "python3-urllib3", "platforms": ["cpe:/o:suse:oes-release:25.4", "cpe:/o:suse:sle-module-basesystem:15:sp6", "cpe:/o:suse:sle-module-basesystem:15:sp7", "cpe:/o:suse:sle_hpc:15:sp6", "cpe:/o:suse:sle_hpc:15:sp7", "cpe:/o:suse:sled:15:sp6", "cpe:/o:suse:sled:15:sp7", "cpe:/o:suse:sles:15:sp6", "cpe:/o:suse:sles:15:sp7", "cpe:/o:suse:sles_sap:15:sp6", "cpe:/o:suse:sles_sap:15:sp7"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "python311-urllib3", "platforms": ["cpe:/o:suse:oes-release:25.4", "cpe:/o:suse:sle-module-python3:15:sp6", "cpe:/o:suse:sle-module-python3:15:sp7", "cpe:/o:suse:sle_hpc:15:sp6", "cpe:/o:suse:sle_hpc:15:sp7", "cpe:/o:suse:sled:15:sp6", "cpe:/o:suse:sled:15:sp7", "cpe:/o:suse:sles:15:sp6", "cpe:/o:suse:sles:15:sp7", "cpe:/o:suse:sles_sap:15:sp6", "cpe:/o:suse:sles_sap:15:sp7"], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "SUSE bug 1244924"}], "references": [{"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50182", "name": "Mitre CVE-2025-50182"}, {"url": "https://www.suse.com/security/cve/CVE-2025-50182", "name": "SUSE CVE-2025-50182"}], "descriptions": [{"lang": "en", "value": "\n    urllib3 is a user-friendly HTTP client library for Python. Starting in version 2.2.0 and prior to 2.5.0, urllib3 does not control redirects in browsers and Node.js. urllib3 supports being used in a Pyodide runtime utilizing the JavaScript Fetch API or falling back on XMLHttpRequest. This means Python libraries can be used to make HTTP requests from a browser or Node.js. Additionally, urllib3 provides a mechanism to control redirects, but the retries and redirect parameters are ignored with Pyodide; the runtime itself determines redirect behavior. This issue has been patched in version 2.5.0.\n    "}], "providerMetadata": {"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb", "shortName": "suse", "dateUpdated": "2025-07-09T00:00:00Z", "x_subShortName": "suse_desktop_15"}}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "Unknown", "content": {"data": "{\"description\":\"Moderate\"}"}}}], "affected": [{"vendor": "suse", "product": "python3-urllib3", "platforms": ["cpe:/o:suse:sle_hpc:12", "cpe:/o:suse:sles:12", "cpe:/o:suse:sles:12:sp2", "cpe:/o:suse:sles:12:sp3", "cpe:/o:suse:sles:12:sp4", "cpe:/o:suse:sles:12:sp5", "cpe:/o:suse:sles_sap:12", "cpe:/o:suse:sles_sap:12:sp3", "cpe:/o:suse:sles_sap:12:sp4", "cpe:/o:suse:sles_sap:12:sp5"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "python-urllib3", "platforms": ["cpe:/o:suse:sle_hpc:12", "cpe:/o:suse:sles:12", "cpe:/o:suse:sles:12:sp3", "cpe:/o:suse:sles:12:sp4", "cpe:/o:suse:sles:12:sp5", "cpe:/o:suse:sles_sap:12", "cpe:/o:suse:sles_sap:12:sp3", "cpe:/o:suse:sles_sap:12:sp4", "cpe:/o:suse:sles_sap:12:sp5"], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "SUSE bug 1244924"}], "references": [{"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50182", "name": "Mitre CVE-2025-50182"}, {"url": "https://www.suse.com/security/cve/CVE-2025-50182", "name": "SUSE CVE-2025-50182"}], "descriptions": [{"lang": "en", "value": "\n    urllib3 is a user-friendly HTTP client library for Python. Starting in version 2.2.0 and prior to 2.5.0, urllib3 does not control redirects in browsers and Node.js. urllib3 supports being used in a Pyodide runtime utilizing the JavaScript Fetch API or falling back on XMLHttpRequest. This means Python libraries can be used to make HTTP requests from a browser or Node.js. Additionally, urllib3 provides a mechanism to control redirects, but the retries and redirect parameters are ignored with Pyodide; the runtime itself determines redirect behavior. This issue has been patched in version 2.5.0.\n    "}], "providerMetadata": {"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb", "shortName": "suse", "dateUpdated": "2025-07-09T00:00:00Z", "x_subShortName": "suse_server_12"}}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "Unknown", "content": {"data": "{\"description\":\"Moderate\"}"}}}], "affected": [{"vendor": "suse", "product": "python313-urllib3", "versions": [{"status": "affected", "version": "0", "lessThan": "0:2.5.0-160000.2.2", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:sles:16.0"], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "SUSE bug 1244924"}], "references": [{"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50182", "name": "Mitre CVE-2025-50182"}, {"url": "https://www.suse.com/security/cve/CVE-2025-50182", "name": "SUSE CVE-2025-50182"}], "descriptions": [{"lang": "en", "value": "\n    urllib3 is a user-friendly HTTP client library for Python. Starting in version 2.2.0 and prior to 2.5.0, urllib3 does not control redirects in browsers and Node.js. urllib3 supports being used in a Pyodide runtime utilizing the JavaScript Fetch API or falling back on XMLHttpRequest. This means Python libraries can be used to make HTTP requests from a browser or Node.js. Additionally, urllib3 provides a mechanism to control redirects, but the retries and redirect parameters are ignored with Pyodide; the runtime itself determines redirect behavior. This issue has been patched in version 2.5.0.\n    "}], "providerMetadata": {"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb", "shortName": "suse", "dateUpdated": "2025-11-14T00:00:00Z", "x_subShortName": "suse_server_16"}}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "Unknown", "content": {"data": "{\"description\":\"MODERATE\"}"}}}], "affected": [{"vendor": "pypi", "product": "urllib3", "versions": [{"status": "affected", "version": "2.2.0", "lessThan": "2.5.0", "versionType": "custom"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://github.com/urllib3/urllib3"}, {"url": "https://github.com/urllib3/urllib3/commit/7eb4a2aafe49a279c29b6d1f0ed0f42e9736194f"}, {"url": "https://github.com/urllib3/urllib3/releases/tag/2.5.0"}, {"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-48p4-8xcf-vxj5"}, {"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-50182"}], "descriptions": [{"lang": "en", "value": "urllib3 [supports](https://urllib3.readthedocs.io/en/2.4.0/reference/contrib/emscripten.html) being used in a Pyodide runtime utilizing the [JavaScript Fetch API](https://developer.mozilla.org/en-US/docs/Web/API/Fetch_API) or falling back on [XMLHttpRequest](https://developer.mozilla.org/en-US/docs/Web/API/XMLHttpRequest). This means you can use Python libraries to make HTTP requests from your browser or Node.js. Additionally, urllib3 provides [a mechanism](https://urllib3.readthedocs.io/en/2.4.0/user-guide.html#retrying-requests) to control redirects.\n\nHowever, the `retries` and `redirect` parameters are ignored with Pyodide; the runtime itself determines redirect behavior.\n\n\n## Affected usages\n\nAny code which relies on urllib3 to control the number of redirects for an HTTP request in a Pyodide runtime.\n\n\n## Impact\n\nRedirects are often used to exploit SSRF vulnerabilities. An application attempting to mitigate SSRF or open redirect vulnerabilities by disabling redirects may remain vulnerable if a Pyodide runtime redirect mechanism is unsuitable.\n\n\n## Remediation\n\nIf you use urllib3 in Node.js, upgrade to a patched version of urllib3.\n\nUnfortunately, browsers provide no suitable way which urllib3 can use: `XMLHttpRequest` provides no control over redirects, the Fetch API returns `opaqueredirect` responses lacking data when redirects are controlled manually. Expect default browser behavior for redirects."}, {"lang": "en", "value": "urllib3 does not control redirects in browsers and Node.js"}], "providerMetadata": {"orgId": "28c92f92-d60d-412d-b760-e73465c3df22", "shortName": "pypi", "dateUpdated": "2025-06-18T17:50:11Z", "x_subShortName": "pypi"}}, {"affected": [{"vendor": "unknown", "product": "unknown", "defaultStatus": "unknown"}], "references": [{"url": "https://www.cve.org/CVERecord?id=CVE-2025-50182"}], "descriptions": [{"lang": "en", "value": "not defined"}], "providerMetadata": {"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "shortName": "canonical", "dateUpdated": "2000-01-01T00:00:00Z", "x_subShortName": "canonical"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}], "affected": [{"cpes": ["cpe:2.3:a:python:urllib3:*:*:*:*:*:*:*:*"], "vendor": "python", "product": "urllib3", "versions": [{"status": "affected", "version": "2.2.0", "lessThan": "2.5.0", "versionType": "custom"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://github.com/urllib3/urllib3/commit/7eb4a2aafe49a279c29b6d1f0ed0f42e9736194f", "tags": ["patch"]}, {"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-48p4-8xcf-vxj5", "tags": ["vendor-advisory"]}, {"url": "https://github.com/urllib3/urllib3/releases/tag/2.5.0"}], "descriptions": [{"lang": "en", "value": "urllib3 is a user-friendly HTTP client library for Python. Starting in version 2.2.0 and prior to 2.5.0, urllib3 does not control redirects in browsers and Node.js. urllib3 supports being used in a Pyodide runtime utilizing the JavaScript Fetch API or falling back on XMLHttpRequest. This means Python libraries can be used to make HTTP requests from a browser or Node.js. Additionally, urllib3 provides a mechanism to control redirects, but the retries and redirect parameters are ignored with Pyodide; the runtime itself determines redirect behavior. This issue has been patched in version 2.5.0."}, {"lang": "es", "value": "urllib3 es una librería cliente HTTP intuitiva para Python. Antes de la versión 2.5.0, urllib3 no controlaba las redirecciones en navegadores ni en Node.js. urllib3 admite su uso en un entorno de ejecución de Pyodide mediante la API Fetch de JavaScript o recurriendo a XMLHttpRequest. Esto significa que las librerías de Python pueden usarse para realizar solicitudes HTTP desde un navegador o Node.js. Además, urllib3 proporciona un mecanismo para controlar las redirecciones, pero los reintentos y los parámetros de redirección se ignoran con Pyodide; el propio entorno de ejecución determina el comportamiento de la redirección. Este problema se ha corregido en la versión 2.5.0."}], "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-601", "description": "CWE-601"}]}], "providerMetadata": {"orgId": "00000000-0000-4000-A000-000000000003", "shortName": "nvd", "dateUpdated": "2025-06-19T02:15:17Z", "x_subShortName": "nvd"}}}, "cveMetadata": {"cveId": "CVE-2025-50182", "state": "PUBLISHED", "dateUpdated": "2025-12-22T19:15:49Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2025-06-19T02:15:17Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.0"}