Description

Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking.

Remediation

References

CVE-2020-8492

Related Vulnerabilities

WordPress Plugin DSubscribers SQL Injection (1.2)

WordPress Plugin Magn WP Drag and Drop Upload Arbitrary File Upload (1.1.4)

Liferay Portal Insecure Default Initialization of Resource Vulnerability (CVE-2024-26267)

TYPO3 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2010-3662)

Coppermine Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3722)

Severity

Medium

Classification

CVE-2020-8492 CWE-400 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Tags

Missing Update Known Vulnerabilities