SCA: security update for urllib3 (GHSA-pq67-6m6q-mj2v)

medium Tenable Self-Hosted Container Security Plugin ID 427893

Description

There are packages installed that are affected by a vulnerability referenced in the following CVE:

- urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, it is possible to disable
redirects for all requests by instantiating a PoolManager and specifying retries in a way that disable
redirects. By default, requests and botocore users are not affected. An application attempting to mitigate
SSRF or open redirect vulnerabilities by disabling redirects at the PoolManager level will remain
vulnerable. This issue has been patched in version 2.5.0. (CVE-2025-50181)

See Also

https://github.com/advisories/GHSA-pq67-6m6q-mj2v

Plugin Details

Severity: Medium

ID: 427893

Version: Revision 1.15

Type: Local

Family: SCA Checks

Published: 6/18/2025

Updated: 7/2/2026

Supported Sensors: Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Low

Score: 2.3

Percentile: 9.42

Vendor

Vendor Severity: Medium

CVSS v2

Risk Factor: Medium

Base Score: 6.4

Temporal Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N

CVSS Score Source: CVE-2025-50181

CVSS v3

Risk Factor: Medium

Base Score: 6.1

Temporal Score: 5.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 6/18/2025

Vulnerability Publication Date: 6/18/2025

Reference Information

CVE: CVE-2025-50181

IAVA: 2025-A-0900-S

cwe: CWE-601