urllib3-future is vulnerable to Allocation of Resources Without Limits or Throttling
Score: 89 (High Risk)
Affected versions of this package are vulnerable to a Denial of Service (DoS) caused by unbounded chained HTTP content-encoding decompression, as defined in RFC 9110. A malicious server can return a response with a virtually unlimited number of compression layers (for example, gzip, zstd), which leads to excessive CPU consumption and massive memory allocation during decompression. Applications using older versions are exposed when they make HTTP requests to untrusted sources without explicitly disabling content decoding.
You are affected if you are using a version that falls within the vulnerable range.
urllib3-future is vulnerable to Allocation of Resources Without Limits or Throttling in versions 1.24 - 2.14.908.
Upgrade the urllib3-future library to the patched version.
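The two limits whose absence the description above points to, a cap on the number of content codings and a cap on decoded size, shown as an added example; it is not urllib3-future's code or its patch. It handles only gzip and deflate from the standard library, and the function names, limit values and sample payloads are assumptions constructed for illustration.

```python
import gzip
import zlib

MAX_LAYERS = 2             # assumed policy: reject responses stacking more codings
MAX_OUTPUT = 1024 * 1024   # assumed cap on decoded bytes at any layer (1 MiB)
WBITS = {"gzip": 31, "x-gzip": 31, "deflate": 15}  # zlib window bits per coding

class DecodeLimitError(ValueError):
    """The response exceeded the layer-count or decoded-size policy."""

def parse_encodings(header):
    """Return the codings of a Content-Encoding header, in the order applied."""
    return [c.strip().lower() for c in header.split(",") if c.strip()]

def bounded_inflate(data, wbits, limit):
    """Decompress one layer, never producing more than limit + 1 bytes."""
    d = zlib.decompressobj(wbits)
    out = d.decompress(data, limit + 1)
    if len(out) > limit or d.unconsumed_tail:
        raise DecodeLimitError(f"decoded body exceeds {limit} bytes")
    if not d.eof:
        raise ValueError("truncated compressed stream")
    return out

def decode_body(raw, content_encoding, max_layers=MAX_LAYERS, max_output=MAX_OUTPUT):
    """Undo Content-Encoding with the layer and size limits enforced."""
    codings = [c for c in parse_encodings(content_encoding) if c != "identity"]
    if len(codings) > max_layers:  # checked before any decompression work is done
        raise DecodeLimitError(f"{len(codings)} codings, limit is {max_layers}")
    for coding in reversed(codings):  # the last coding applied is removed first
        if coding not in WBITS:
            raise ValueError(f"unsupported coding: {coding}")
        raw = bounded_inflate(raw, WBITS[coding], max_output)
    return raw

def layered(payload, n):
    """Constructed sample: payload gzip-compressed n times, plus its header value."""
    for _ in range(n):
        payload = gzip.compress(payload)
    return payload, ", ".join(["gzip"] * n)

if __name__ == "__main__":
    print(decode_body(*layered(b"hello", 2)))  # within policy
    for body, header in (layered(b"hello", 50), layered(b"\0" * (8 * MAX_OUTPUT), 1)):
        try:
            decode_body(body, header)
        except DecodeLimitError as exc:
            print("rejected:", exc)
```

The layer count is checked from the header alone, so a long chain is refused before any CPU is spent, while the size cap is enforced inside the decompressor so an oversized layer is never fully allocated.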