6.1
CVSS V3
Status
Impact
The urllib3 vulnerability in version 1.26.20 is fixed in 2.5.0. However, this is a major version upgrade and upstream plans to eventually handle it. See https://github.com/pypa/pip/tree/d52011f2390f34ce3116df6526d1421e069441ce/src/pip/_vendor#automatic-vendoring
Status