Description
Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allow an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of catastrophic backtracking in urllib.request.AbstractBasicAuthHandler.
Remediation
References