[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2019-11324":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":27,"aliases":28,"duplicate_of":9,"upstream":31,"downstream":32,"duplicates":85,"related":86,"reserved_at":9,"published_at":100,"modified_at":101,"state":102,"summary":103,"references_raw":112,"kevs":210,"epss":211,"epss_history":214,"metrics":470,"affected":485},"CVE-2019-11324","The urllib3 library before 1.24.2 for Python mishandles certain cases where the desired set of CA certificates is different from the OS store of CA certificates, which results in SSL connections succeeding in situations where a verification failure is the correct outcome. This is related to use of the ssl_context, ca_certs, or ca_certs_dir argument.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-295","Improper Certificate Validation","The product does not validate, or incorrectly validates, a certificate.","weakness","Draft","Base",[19,23],{"id":20,"name":21,"techniques":22},"CAPEC-459","Creating a Rogue Certification Authority Certificate",[],{"id":24,"name":25,"techniques":26},"CAPEC-475","Signature Spoofing by Improper Validation",[],[],[29,30],"GHSA-mh33-7rrq-662w","PYSEC-2019-133",[],[33,35,37,39,41,43,45,47,49,51,53,55,57,59,61,63,65,67,69,71,73,75,77,79,81,83],{"_key":34},"SUSE-SU-2019:2391-1",{"_key":36},"SUSE-SU-2019:2267-1",{"_key":38},"SUSE-SU-2019:2300-1",{"_key":40},"SUSE-SU-2019:2331-1",{"_key":42},"SUSE-SU-2019:2332-1",{"_key":44},"SUSE-SU-2019:2370-1",{"_key":46},"UBUNTU-CVE-2019-11324",{"_key":48},"OPENSUSE-SU-2019:2131-1",{"_key":50},"OPENSUSE-SU-2019:2133-1",{"_key":52},"OPENSUSE-SU-2024:11277-1",{"_key":54},"OPENSUSE-SU-2024:14055-1",{"_key":56},"OPENSUSE-SU-2024:14144-1",{"_key":58},"DLA-2686-1",{"_key":60},"DLA-3610-1",{"_key":62},"RHBA-2020:2785",{"_key":64},"RHBA-2020:2804",{"_key":66},"RHSA-2019:3335",{"_key":68},"RHSA-2019:3590",{"_key":70},"RHSA-2020:0850",{"_key":72},"RHSA-2020:1605",{"_key":74},"RHSA-2020:1916",{"_key":76},"RHSA-2020:2068",{"_key":78},"MGASA-2019-0258",{"_key":80},"MGASA-2020-0063",{"_key":82},"USN-3990-1",{"_key":84},"DEBIAN-CVE-2019-11324",[],[87,88,89,90,91,92,93,94,95,96,97,98,99],{"_key":34},{"_key":80},{"_key":36},{"_key":38},{"_key":40},{"_key":42},{"_key":44},{"_key":48},{"_key":50},{"_key":52},{"_key":54},{"_key":56},{"_key":78},"2019-04-18T00:00:00.000Z","2024-08-04T22:48:09.221Z","Modified",{"cisa_kev":104,"cisa_ransomware":104,"cisa_vendor":9,"epss_severity":105,"epss_score":106,"severity":107,"severity_score":108,"severity_version":109,"severity_source":110,"severity_vector":111,"severity_status":102},false,"low",0.01015,"high",7.5,"v3.0","nvd","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",[113,122,127,132,136,140,145,149,153,157,161,165,169,173,177,181,186,190,194,198,202,206],{"url":114,"sources":115,"tags":118},"https://github.com/urllib3/urllib3/compare/a6ec68a...1efadf4",[116,110,117],"cve.org","osv_pypi",[119,120,121],"Patch","Third Party Advisory","WEB",{"url":123,"sources":124,"tags":125},"http://www.openwall.com/lists/oss-security/2019/04/19/1",[116,110,117],[126,120,121],"Mailing List",{"url":128,"sources":129,"tags":130},"https://usn.ubuntu.com/3990-1/",[116,110,117],[131,120,121],"Vendor Advisory",{"url":133,"sources":134,"tags":135},"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00039.html",[116,110,117],[131,121],{"url":137,"sources":138,"tags":139},"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00041.html",[116,110,117],[131,121],{"url":141,"sources":142,"tags":143},"https://access.redhat.com/errata/RHSA-2019:3590",[116,110,117],[131,121,144],"Advisory",{"url":146,"sources":147,"tags":148},"https://access.redhat.com/errata/RHSA-2019:3335",[116,110,117],[131,121,144],{"url":150,"sources":151,"tags":152},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NKGPJLVLVYCL4L4B4G5TIOTVK4BKPG72/",[116,110],[131],{"url":154,"sources":155,"tags":156},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XOSA2NT4DUQDBEIWE6O7KKD24XND7TE2/",[116,110],[131],{"url":158,"sources":159,"tags":160},"https://lists.debian.org/debian-lts-announce/2021/06/msg00015.html",[116,110,117],[126,121],{"url":162,"sources":163,"tags":164},"https://lists.debian.org/debian-lts-announce/2023/10/msg00012.html",[116,110,117],[126,121],{"url":166,"sources":167,"tags":168},"https://nvd.nist.gov/vuln/detail/CVE-2019-11324",[117],[144],{"url":170,"sources":171,"tags":172},"https://github.com/urllib3/urllib3/commit/1efadf43dc63317cd9eaa3e0fdb9e05ab07254b1",[117],[121],{"url":174,"sources":175,"tags":176},"https://github.com/advisories/GHSA-mh33-7rrq-662w",[117],[144],{"url":178,"sources":179,"tags":180},"https://github.com/pypa/advisory-database/tree/main/vulns/urllib3/PYSEC-2019-133.yaml",[117],[121],{"url":182,"sources":183,"tags":184},"https://github.com/urllib3/urllib3",[117],[185],"PACKAGE",{"url":187,"sources":188,"tags":189},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NKGPJLVLVYCL4L4B4G5TIOTVK4BKPG72",[117],[121],{"url":191,"sources":192,"tags":193},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XOSA2NT4DUQDBEIWE6O7KKD24XND7TE2",[117],[121],{"url":195,"sources":196,"tags":197},"https://pypi.org/project/urllib3/1.24.2",[117],[121],{"url":199,"sources":200,"tags":201},"https://usn.ubuntu.com/3990-1",[117],[121],{"url":203,"sources":204,"tags":205},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NKGPJLVLVYCL4L4B4G5TIOTVK4BKPG72/",[117],[121],{"url":207,"sources":208,"tags":209},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XOSA2NT4DUQDBEIWE6O7KKD24XND7TE2/",[117],[121],[],{"date":212,"score":106,"percentile":213},"2026-06-04",0.77495,[215,219,222,225,228,231,234,237,240,243,246,249,252,254,257,261,264,267,270,273,276,279,282,285,288,290,292,295,298,301,303,306,309,312,315,318,321,324,327,330,333,336,338,341,344,347,350,353,356,359,361,364,367,370,374,377,379,382,385,388,391,394,397,400,402,404,407,410,413,416,419,421,424,426,429,432,435,437,439,441,443,446,449,452,454,457,459,461,463,466],{"date":216,"score":217,"percentile":218},"2025-11-04",0.01415,0.79914,{"date":220,"score":217,"percentile":221},"2025-11-05",0.79915,{"date":223,"score":217,"percentile":224},"2025-11-06",0.79918,{"date":226,"score":217,"percentile":227},"2025-11-07",0.7993,{"date":229,"score":217,"percentile":230},"2025-11-08",0.79936,{"date":232,"score":217,"percentile":233},"2025-11-09",0.79932,{"date":235,"score":217,"percentile":236},"2025-11-10",0.79922,{"date":238,"score":217,"percentile":239},"2025-11-11",0.79927,{"date":241,"score":217,"percentile":242},"2025-11-12",0.7994,{"date":244,"score":217,"percentile":245},"2025-11-13",0.79947,{"date":247,"score":217,"percentile":248},"2025-11-14",0.79953,{"date":250,"score":217,"percentile":251},"2025-11-15",0.79951,{"date":253,"score":217,"percentile":251},"2025-11-16",{"date":255,"score":217,"percentile":256},"2025-11-17",0.7995,{"date":258,"score":259,"percentile":260},"2025-11-18",0.01461,0.79203,{"date":262,"score":259,"percentile":263},"2025-11-19",0.7921,{"date":265,"score":259,"percentile":266},"2025-11-20",0.79215,{"date":268,"score":217,"percentile":269},"2025-11-21",0.79969,{"date":271,"score":217,"percentile":272},"2025-11-22",0.79972,{"date":274,"score":217,"percentile":275},"2025-11-23",0.79964,{"date":277,"score":217,"percentile":278},"2025-11-24",0.79963,{"date":280,"score":217,"percentile":281},"2025-11-25",0.79965,{"date":283,"score":217,"percentile":284},"2025-11-26",0.79966,{"date":286,"score":217,"percentile":287},"2025-11-27",0.7997,{"date":289,"score":217,"percentile":278},"2025-11-28",{"date":291,"score":217,"percentile":287},"2025-11-29",{"date":293,"score":217,"percentile":294},"2025-11-30",0.79971,{"date":296,"score":217,"percentile":297},"2025-12-01",0.80057,{"date":299,"score":217,"percentile":300},"2025-12-02",0.80061,{"date":302,"score":217,"percentile":300},"2025-12-03",{"date":304,"score":217,"percentile":305},"2025-12-04",0.79975,{"date":307,"score":217,"percentile":308},"2025-12-05",0.79981,{"date":310,"score":217,"percentile":311},"2025-12-06",0.79984,{"date":313,"score":217,"percentile":314},"2025-12-07",0.79985,{"date":316,"score":217,"percentile":317},"2025-12-08",0.79989,{"date":319,"score":217,"percentile":320},"2025-12-09",0.80003,{"date":322,"score":217,"percentile":323},"2025-12-10",0.80027,{"date":325,"score":217,"percentile":326},"2025-12-11",0.80039,{"date":328,"score":217,"percentile":329},"2025-12-12",0.80058,{"date":331,"score":217,"percentile":332},"2025-12-13",0.8006,{"date":334,"score":217,"percentile":335},"2025-12-14",0.80059,{"date":337,"score":217,"percentile":335},"2025-12-15",{"date":339,"score":217,"percentile":340},"2025-12-16",0.80068,{"date":342,"score":217,"percentile":343},"2025-12-17",0.80075,{"date":345,"score":217,"percentile":346},"2025-12-18",0.80093,{"date":348,"score":217,"percentile":349},"2025-12-19",0.80103,{"date":351,"score":217,"percentile":352},"2025-12-20",0.80098,{"date":354,"score":217,"percentile":355},"2025-12-21",0.80092,{"date":357,"score":217,"percentile":358},"2025-12-22",0.80091,{"date":360,"score":217,"percentile":355},"2025-12-23",{"date":362,"score":217,"percentile":363},"2025-12-24",0.80109,{"date":365,"score":217,"percentile":366},"2025-12-25",0.80128,{"date":368,"score":217,"percentile":369},"2025-12-26",0.80125,{"date":371,"score":372,"percentile":373},"2025-12-27",0.01449,0.80376,{"date":375,"score":217,"percentile":376},"2025-12-28",0.80115,{"date":378,"score":217,"percentile":376},"2025-12-29",{"date":380,"score":217,"percentile":381},"2025-12-30",0.80121,{"date":383,"score":217,"percentile":384},"2025-12-31",0.80134,{"date":386,"score":217,"percentile":387},"2026-01-01",0.80218,{"date":389,"score":217,"percentile":390},"2026-01-02",0.80216,{"date":392,"score":217,"percentile":393},"2026-01-03",0.80214,{"date":395,"score":217,"percentile":396},"2026-01-04",0.80122,{"date":398,"score":217,"percentile":399},"2026-01-05",0.80118,{"date":401,"score":217,"percentile":381},"2026-01-06",{"date":403,"score":217,"percentile":366},"2026-01-07",{"date":405,"score":217,"percentile":406},"2026-01-08",0.80138,{"date":408,"score":217,"percentile":409},"2026-01-09",0.80139,{"date":411,"score":217,"percentile":412},"2026-01-10",0.80137,{"date":414,"score":217,"percentile":415},"2026-01-11",0.8013,{"date":417,"score":217,"percentile":418},"2026-01-12",0.80117,{"date":420,"score":217,"percentile":376},"2026-01-13",{"date":422,"score":217,"percentile":423},"2026-01-14",0.80136,{"date":425,"score":217,"percentile":423},"2026-01-15",{"date":427,"score":217,"percentile":428},"2026-01-16",0.80145,{"date":430,"score":217,"percentile":431},"2026-01-17",0.80153,{"date":433,"score":217,"percentile":434},"2026-01-18",0.80144,{"date":436,"score":217,"percentile":412},"2026-01-19",{"date":438,"score":217,"percentile":423},"2026-01-20",{"date":440,"score":217,"percentile":434},"2026-01-21",{"date":442,"score":217,"percentile":431},"2026-01-22",{"date":444,"score":217,"percentile":445},"2026-01-23",0.80181,{"date":447,"score":217,"percentile":448},"2026-01-24",0.80191,{"date":450,"score":217,"percentile":451},"2026-01-25",0.80182,{"date":453,"score":217,"percentile":445},"2026-01-26",{"date":455,"score":217,"percentile":456},"2026-01-27",0.80183,{"date":458,"score":217,"percentile":445},"2026-01-28",{"date":460,"score":217,"percentile":445},"2026-01-29",{"date":462,"score":217,"percentile":451},"2026-01-30",{"date":464,"score":217,"percentile":465},"2026-01-31",0.80187,{"date":467,"score":468,"percentile":469},"2026-02-01",0.01388,0.80067,[471,480],{"source":110,"cvss_v2_0":472,"cvss_v3_0":477,"cvss_v3_1":9,"cvss_v4_0":9},{"baseScore":473,"baseSeverity":9,"vectorString":474,"impactScore":475,"exploitabilityScore":476},5,"AV:N/AC:L/Au:N/C:N/I:P/A:N",2.9,10,{"baseScore":108,"baseSeverity":478,"vectorString":111,"impactScore":479,"exploitabilityScore":476},"HIGH",6,{"source":117,"cvss_v2_0":9,"cvss_v3_0":481,"cvss_v3_1":9,"cvss_v4_0":482},{"baseScore":108,"baseSeverity":9,"vectorString":111,"impactScore":479,"exploitabilityScore":476},{"baseScore":483,"baseSeverity":9,"vectorString":484,"impactScore":9,"exploitabilityScore":9},8.7,"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",[486,501,512],{"ecosystem":9,"name":487,"vendor":488,"product":489,"cpe_part":490,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":491},"ubuntu linux","canonical","ubuntu_linux","o",[492,495,497,499],{"version":493,"is_range":104,"range_type":494,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"16.04","cpe",{"version":496,"is_range":104,"range_type":494,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"18.04",{"version":498,"is_range":104,"range_type":494,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"18.10",{"version":500,"is_range":104,"range_type":494,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"19.04",{"ecosystem":502,"name":503,"vendor":502,"product":503,"cpe_part":9,"purl_type":504,"purl_namespace":9,"purl_name":503,"source":9,"versions":505},"PyPI","urllib3","pypi",[506],{"version":507,"is_range":508,"range_type":509,"version_start":9,"version_start_type":9,"version_end":510,"version_end_type":511,"fixed_in":9},"lt1_24_2",true,"ecosystem","1.24.2","excluding",{"ecosystem":9,"name":503,"vendor":513,"product":503,"cpe_part":514,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":515},"python","a",[516],{"version":517,"is_range":508,"range_type":494,"version_start":9,"version_start_type":9,"version_end":510,"version_end_type":511,"fixed_in":9},"lt1.24.2"]