CDK custom resource CustomCDKBucketDeployment (Python urllib3) vulnerability #34805

Open
@kretsh

Description

Describe the bug

The library urllib3 version 2.4.0 was detected and is vulnerable to CVE-2025-50182.
According to our findings, the vulnerability can be remediated by updating the library to version 2.5.0 or higher, using pip install --upgrade urllib3.

Regression Issue

  • Select this option if this issue appears to be a regression.

Last Known Working CDK Library Version

No response

Expected Behavior

Description from vulnerable findings:

urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, urllib3 does not control redirects in browsers and Node.js. urllib3 supports being used in a Pyodide runtime utilizing the JavaScript Fetch API or falling back on XMLHttpRequest. This means Python libraries can be used to make HTTP requests from a browser or Node.js. Additionally, urllib3 provides a mechanism to control redirects, but the retries and redirect parameters are ignored with Pyodide; the runtime itself determines redirect behavior. This issue has been patched in version 2.5.0.

Current Behavior

Reproduction Steps

Possible Solution

No response

Additional Information/Context

No response

AWS CDK Library version (aws-cdk-lib)

2.202.0

AWS CDK CLI version

2.2.238

Node.js Version

OS

MacOS

Language

Python

Language Version

No response

Other information

No response

Labels

aws-cdk-lib (Related to the aws-cdk-lib package), bug (This issue is a bug.)
