AIKIDO-2024-10417

urllib3-future is vulnerable to Inadequate Encryption Strength

50

Medium

urllib3-future python

AIKIDO-2024-10417: urllib3-future is vulnerable to Inadequate Encryption Strength in versions 2.0.931 - 2.11.907.

Inadequate Encryption Strength
Vuln in 2.0.931 - 2.11.907
Fixed in 2.11.908
No CVE available
TL;DR

Affected versions of the package are vulnerable to inadequate encryption strength: they support the insecure TLS 1.0 and TLS 1.1 protocols, which are susceptible to man-in-the-middle attacks that compromise the confidentiality and integrity of data.

Who does this affect?

You're affected if you are using a version within the vulnerable range (2.0.931 - 2.11.907).

How can it be fixed?

Upgrade the urllib3-future library to the patched version (2.11.908).
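To find pins that still fall inside the affected range, the following added example (not part of the advisory or of urllib3-future) audits a requirements file for urllib3-future entries. The function names and the sample file contents are assumptions made for illustration; only the version range comes from this advisory.

```python
import re

PACKAGE = "urllib3-future"
FIRST_VULN, LAST_VULN = (2, 0, 931), (2, 11, 907)  # range stated in the advisory

def normalize(name):
    """PEP 503 normalization, so urllib3_future and Urllib3.Future also match."""
    return re.sub(r"[-_.]+", "-", name).lower()

def is_affected(version):
    """True if a plain X.Y.Z version lies inside the advisory's range."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)", version.strip())
    return bool(m) and FIRST_VULN <= tuple(map(int, m.groups())) <= LAST_VULN

def audit_requirements(text):
    """Return [(line_number, verdict)] for each urllib3-future requirement line."""
    findings = []
    for number, raw in enumerate(text.splitlines(), 1):
        # Drop trailing comments and environment markers before parsing.
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        m = re.match(r"([A-Za-z0-9._-]+)\s*(?:\[[^\]]*\])?\s*(.*)$", line)
        if not m or normalize(m.group(1)) != PACKAGE:
            continue  # other packages, including plain urllib3, are out of scope
        pin = re.fullmatch(r"==\s*(\d+\.\d+\.\d+)", m.group(2))
        if not pin:
            verdict = "not pinned: check the resolved version"
        elif is_affected(pin.group(1)):
            verdict = "vulnerable"
        else:
            verdict = "outside advisory range"
        findings.append((number, verdict))
    return findings

# Constructed sample input, not taken from any real project.
SAMPLE = """\
requests==2.31.0
urllib3-future==2.11.907  # pinned by an older lock file
urllib3_future == 2.11.908
Urllib3.Future>=2.0
urllib3==2.2.1
"""

if __name__ == "__main__":
    for number, verdict in audit_requirements(SAMPLE):
        print(f"line {number}: {verdict}")
```

A range specifier such as `>=2.0` is reported as not pinned because the version actually installed depends on the resolver, so check the lock file or the installed environment for those entries.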


© 2024 Aikido Security BV | BE0792914919