Security Advisory Description
The urllib3 library before 1.24.2 for Python mishandles certain cases where the desired set of CA certificates is different from the OS store of CA certificates, which results in SSL connections succeeding in situations where a verification failure is the correct outcome. This is related to use of the ssl_context, ca_certs, or ca_certs_dir argument. (CVE-2019-11324)
Impact
For products with None in theVersions known to be vulnerable column, there is no impact.
When this flaw is exploited, TLS handshakes that should fail based on the system CA certificates erroneously succeed instead.