Urllib3 · Urllib3 · CVE-2025-50181
**Name of the Vulnerable Software and Affected Versions**
urllib3 versions prior to 2.5.0
**Description**
The issue concerns how urllib3 handles redirects and retries, both of which are controlled by the `Retry` object. Redirects can normally be disabled either per request or for all requests by instantiating a `PoolManager` with `retries` settings that turn redirects off. Because of this issue, the `retries` argument given to the `PoolManager` is not honoured, so redirects cannot be disabled at that level as intended. Applications that attempt to mitigate Server-Side Request Forgery (SSRF) or open redirect vulnerabilities by disabling redirects at the `PoolManager` level therefore remain vulnerable.
**Recommendations**
For versions prior to 2.5.0, upgrade to a patched version of urllib3.
As a temporary workaround, consider disabling redirects at the `request()` level instead of the `PoolManager()` level.
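As an added example (not from the advisory or the urllib3 project), the following stdlib-only audit flags `PoolManager(...)` calls that rely on the pool-level `retries` setting to suppress redirects, and reports whether the installed urllib3 predates 2.5.0; the helper names and the sample application code are constructed for this page.

```python
import ast
from importlib import metadata
from typing import List, Optional

def _falsy_const(node: ast.expr) -> bool:
    # Matches the literals False and 0 (retries=False, redirect=0, ...)
    return isinstance(node, ast.Constant) and node.value in (False, 0)

def _call_name(node: ast.Call) -> str:
    fn = node.func
    return fn.attr if isinstance(fn, ast.Attribute) else getattr(fn, "id", "")

def _retries_disable_redirects(node: ast.expr) -> bool:
    # retries=False / retries=0 switch off retries and redirects together;
    # retries=Retry(redirect=0) or Retry(redirect=False) switches off redirects only.
    if _falsy_const(node):
        return True
    if isinstance(node, ast.Call) and _call_name(node) == "Retry":
        return any(kw.arg == "redirect" and _falsy_const(kw.value)
                   for kw in node.keywords)
    return False

def find_pool_level_redirect_disabling(source: str) -> List[int]:
    """Line numbers of PoolManager(...) calls whose `retries` argument is meant
    to disable redirects; before urllib3 2.5.0 that setting is not honoured."""
    return sorted(node.lineno
                  for node in ast.walk(ast.parse(source))
                  if isinstance(node, ast.Call)
                  and _call_name(node) == "PoolManager"
                  and any(kw.arg == "retries" and _retries_disable_redirects(kw.value)
                          for kw in node.keywords))

def installed_urllib3_is_affected() -> Optional[bool]:
    """True if the installed urllib3 is older than 2.5.0, None if not installed."""
    try:
        version = metadata.version("urllib3")
    except metadata.PackageNotFoundError:
        return None
    parts = [int(p) for p in version.split(".")[:3] if p.isdigit()]
    return tuple(parts + [0] * (3 - len(parts))) < (2, 5, 0)

# Constructed sample application code to audit (hypothetical, not from the advisory)
SAMPLE = '''\
import urllib3
from urllib3.util.retry import Retry

# Relies on pool-level redirect disabling: ineffective before 2.5.0
pm1 = urllib3.PoolManager(retries=Retry(redirect=0))
pm2 = urllib3.PoolManager(retries=False)
# Pool-level retries that still allow redirects: not flagged
pm3 = urllib3.PoolManager(retries=Retry(total=3))
# The advisory's workaround: disable redirects on each request() instead
resp = pm3.request("GET", "https://example.invalid/", redirect=False)
'''
```

Running `find_pool_level_redirect_disabling(SAMPLE)` reports lines 5 and 6, the two constructions that depend on the broken pool-level mitigation, while the `Retry(total=3)` pool and the request-level workaround are left alone.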