Upgrade urllib3 to version 1.25.9 or later.

vitabaks · vitabaks · commit e55d295fbf69 · 2021-06-21T13:10:30.000+03:00
urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). NOTE: this is similar to CVE-2020-26116. GHSA-wqvq-5m8c-6g24
diff --git a/files/requirements.txt b/files/requirements.txt
@@ -1,4 +1,4 @@
-urllib3>=1.24.2,<1.25
+urllib3>=1.25.9
 boto
 PyYAML
 six >= 1.7

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-urllib3>=1.24.2,<1.25`
	`1`	`+urllib3>=1.25.9`
`2`	`2`	`boto`
`3`	`3`	`PyYAML`
`4`	`4`	`six >= 1.7`