Description
Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of catastrophic backtracking in urllib.request.AbstractBasicAuthHandler.
Remediation
References