Skip to content

CVE-2025-50182 (MEDIUM): detected in Lambda Docker Images. #286

New issue
New issue
Closed
Closed
CVE-2025-50182 (MEDIUM): detected in Lambda Docker Images.#286
@the-lambda-watchdog

Description

@the-lambda-watchdog
the-lambda-watchdog
opened on Jun 20, 2025

CVE Details

CVE ID Severity Affected Package Installed Version Fixed Version Date Published Date of Scan
CVE-2025-50182 MEDIUM urllib3 1.26.19 2.5.0 2025-06-19T02:15:17.967Z 2025-06-20T10:18:31.662285222Z

Affected Docker Images

Image Name SHA
public.ecr.aws/lambda/python:latest public.ecr.aws/lambda/python@sha256:01a68895b1eab3e6fe7a37dcc71f65791c353c5c76aed65c6c8cb5977033e575
public.ecr.aws/lambda/python:3.13 public.ecr.aws/lambda/python@sha256:01a68895b1eab3e6fe7a37dcc71f65791c353c5c76aed65c6c8cb5977033e575
public.ecr.aws/lambda/python:3.12 public.ecr.aws/lambda/python@sha256:e439bfe54736ab17b3236d8a38824bbfa4ee745b80ac6a1fc45ad1d772457e0d
public.ecr.aws/lambda/python:3.11 public.ecr.aws/lambda/python@sha256:759fbc2f7568156874aa6eb0ddce083a242f78104927edfb17e7f3fcd3caf420
public.ecr.aws/lambda/python:3.10 public.ecr.aws/lambda/python@sha256:bdd42e632d7f0ff456a7a9d72818ab9f6c7e7b82230dc95477c3f6361da2bc34
public.ecr.aws/lambda/python:3.9 public.ecr.aws/lambda/python@sha256:a7cce2f593062bf9cf249459077f728d0f5d7f7f1565bc7a89b4f2227e233789

Description

urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, urllib3 does not control redirects in browsers and Node.js. urllib3 supports being used in a Pyodide runtime utilizing the JavaScript Fetch API or falling back on XMLHttpRequest. This means Python libraries can be used to make HTTP requests from a browser or Node.js. Additionally, urllib3 provides a mechanism to control redirects, but the retries and redirect parameters are ignored with Pyodide; the runtime itself determines redirect behavior. This issue has been patched in version 2.5.0.

Remediation Steps

  • Update the affected package urllib3 from version 1.26.19 to 2.5.0.

About this issue

  • This issue may not contain all the information about the CVE nor the images it affects.
  • This issue will not be updated with new information and the list of affected images may have changed since the creation of this issue.
  • For more, visit Lambda Watchdog.
  • This issue was created automatically by Lambda Watchdog.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions