PT-2019-20150 · Python · Urllib3

Published: 2019-04-18 · Updated: 2019-04-18


No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions

urllib3 versions prior to 1.24.2

Description

urllib3 mishandles certain cases where the desired set of CA certificates differs from the OS store of CA certificates. As a result, SSL connections succeed when they should fail verification. The problem is related to the use of the ssl_context, ca_certs, or ca_cert_dir argument.

Recommendations

For versions prior to 1.24.2, update to version 1.24.2 or later to resolve the issue. As a temporary workaround, consider restricting the use of the ssl_context, ca_certs, or ca_cert_dir argument until the update is applied.
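To apply the update recommendation, every copy of urllib3 in an environment has to be found, including copies vendored inside other packages. The following is an added example, not part of the advisory or of the urllib3 project: it walks a directory tree and reports copies older than 1.24.2. The function names, the version-file layout, and the sample tree are assumptions made for the illustration.

```python
import re
import tempfile
from pathlib import Path

FIXED = (1, 24, 2)  # first fixed release named in the advisory
VERSION_RE = re.compile(r"""^__version__\s*=\s*(?:version\s*=\s*)?["']([^"']+)["']""", re.M)

def parse_version(text):
    """'1.24.1' -> (1, 24, 1); '1.25.dev0' -> (1, 25); unparseable -> () (treated as old)."""
    nums = re.match(r"\d+(?:\.\d+)*", text)
    return tuple(int(n) for n in nums.group().split(".")) if nums else ()

def find_urllib3_copies(root):
    """Yield (package_dir, version) for each urllib3 package under root, vendored copies included."""
    for pkg in Path(root).rglob("urllib3"):
        # Assumption: _version.py (newer releases) or __init__.py (older ones)
        # assigns a string literal to __version__.
        for name in ("_version.py", "__init__.py"):
            f = pkg / name
            m = VERSION_RE.search(f.read_text(errors="replace")) if f.is_file() else None
            if m:
                yield pkg, m.group(1)
                break

def vulnerable_copies(root):
    """Return sorted (relative_path, version) pairs for copies older than FIXED."""
    return sorted((pkg.relative_to(root).as_posix(), ver)
                  for pkg, ver in find_urllib3_copies(root)
                  if parse_version(ver) < FIXED)

def build_sample_tree(root):
    """Constructed layout for the demo: one top-level install and two vendored copies."""
    samples = {
        "site-packages/urllib3/_version.py": '__version__ = "1.26.5"\n',
        "site-packages/pip/_vendor/urllib3/__init__.py": "__version__ = '1.24.1'\n",
        "venv/lib/requests/packages/urllib3/__init__.py": "__version__ = '1.22'\n",
    }
    for rel, body in samples.items():
        path = Path(root) / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for path, ver in vulnerable_copies(tmp):
            print(f"urllib3 {ver} at {path}: upgrade to 1.24.2 or later")
```

Point vulnerable_copies at a real site-packages or virtualenv root to audit an installation; a vendored copy is fixed by upgrading the package that bundles it.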

Related Identifiers

PYSEC-2019-63

Affected Products

Urllib3