Jorge Lopez Silva

2 exploits Active since Dec 2018
CVE-2021-28363 WRITEUP MEDIUM WRITEUP
urllib3 1.26.0-1.26.3 - Improper Certificate Validation in HTTPS Proxy Connections
The urllib3 library 1.26.x before 1.26.4 for Python omits SSL certificate validation in some cases involving HTTPS to HTTPS proxies. The initial connection to the HTTPS proxy (if an SSLContext isn't given via proxy_config) doesn't verify the hostname of the certificate. This means certificates for different servers that still validate properly with the default urllib3 SSLContext will be silently accepted.
CVSS 6.5
CVE-2018-6346 WRITEUP HIGH WRITEUP
Proxygen < 2018.12.31.00 - Denial of Service via Invalid HTTP2 Priority Settings
A potential denial-of-service issue in the Proxygen handling of invalid HTTP2 priority settings (specifically a circular dependency). This affects Proxygen prior to v2018.12.31.00.
CVSS 7.5