Skip to content

[GHSA-39j6-4867-gg4w] utcp-http vulnerable to SSRF via attacker-controlled OpenAPI servers[0].url in HTTP communication protocol#8506

Open
theinfosecguy wants to merge 1 commit into
github:theinfosecguy/advisory-improvement-8506from
theinfosecguy:theinfosecguy-GHSA-39j6-4867-gg4w
Open

[GHSA-39j6-4867-gg4w] utcp-http vulnerable to SSRF via attacker-controlled OpenAPI servers[0].url in HTTP communication protocol#8506
theinfosecguy wants to merge 1 commit into
github:theinfosecguy/advisory-improvement-8506from
theinfosecguy:theinfosecguy-GHSA-39j6-4867-gg4w

Conversation

@theinfosecguy

Copy link
Copy Markdown

Updates

  • Affected products

Comments
Version 1.1.2 is yanked from PyPI because the fix was incomplete. The upstream advisory lists 1.1.3 as the patched version.

@github-actions github-actions Bot changed the base branch from main to theinfosecguy/advisory-improvement-8506 July 6, 2026 04:48
@theinfosecguy theinfosecguy force-pushed the theinfosecguy-GHSA-39j6-4867-gg4w branch from ae32626 to f5e5ce9 Compare July 6, 2026 04:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant