Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Configuration 5 (hide)
|
History
07 Nov 2023, 03:26
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
24 May 2023, 21:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
16 Sep 2021, 15:46
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:* cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:* cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:* cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:* cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:* |
|
References |
|
|
References | (GENTOO) https://security.gentoo.org/glsa/202005-09 - Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7WOKDEXLYW5UQ4S7PA7E37IITOC7C56J/ - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UESGYI5XDAHJBATEZN3MHNDUBDH47AS6/ - Mailing List, Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/rdb31a608dd6758c6093fd645aea3fbf022dd25b37109b6aaea5bc0b5@%3Ccommits.cassandra.apache.org%3E - Mailing List, Third Party Advisory | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2020/07/msg00011.html - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/APGWEMYZIY5VHLCSZ3HD67PA5Z2UQFGH/ - Mailing List, Third Party Advisory | |
References | (UBUNTU) https://usn.ubuntu.com/4333-1/ - Third Party Advisory | |
References | (UBUNTU) https://usn.ubuntu.com/4333-2/ - Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5NSAX4SC3V64PGZUPH7PRDLSON34Q5A/ - Mailing List, Third Party Advisory |
16 Aug 2021, 16:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2020-01-30 19:15
Updated : 2023-12-10 13:13
NVD link : CVE-2020-8492
Mitre link : CVE-2020-8492
CVE.ORG link : CVE-2020-8492
JSON object : View
Products Affected
python
- python
opensuse
- leap
debian
- debian_linux
canonical
- ubuntu_linux
fedoraproject
- fedora
CWE
CWE-400
Uncontrolled Resource Consumption