kubernetes-client/python

Vulnerability [CVE-2025-50182, CVE-2025-50181] is getting reported for package urllib3

Open

#2,424 opened on Jul 24, 2025

View on GitHub
 (6 comments) (0 reactions) (0 assignees)Python (6,225 stars) (3,323 forks)batch import
help wanted

Description

Vulnerability [https://github.com/advisories/GHSA-48p4-8xcf-vxj5, https://github.com/advisories/GHSA-pq67-6m6q-mj2v] is getting reported for the Python package urllib3 while installing the Kubernetes package version 33.1.0. Can you please provide the details on when we are releasing the latest version with this fix in it? Please provide the details of the Kubernetes version in which this has been fixed.

kubernetes-33.1.0-py2.py3-none-any.whl (Root Library)
❌ urllib3-2.4.0-py3-none-any.whl (Vulnerable Library)

Contributor guide

Tech stack
python
Domain
security
Issue type
security
DifficultyEstimated implementation difficulty for a new contributor, from 1 for very small changes to 5 for expert-level work.
2
Estimated timeA rough time range for an experienced contributor to investigate, implement, test, and prepare a pull request.
1-3 hours
Activity statusHow available the issue appears right now: fresh, active, stale, blocked, or waiting on maintainer input.
needs maintainer response
ClarityHow clearly the issue explains the expected change, acceptance criteria, and next step.
clear
Prerequisites
PythonKubernetes
Newbie friendlinessA 1-100 score estimating how approachable this issue is for first-time contributors.
40
Research direction
Check the issue comments for any maintainer responses. Look at the GitHub releases of kubernetes client/python to see if a newer version includes the fix. Also check the urllib3 advisory for patched versions. Provide a clear answer with the fixed version number and release date.