Description
Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allow an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of catastrophic backtracking in urllib.request.AbstractBasicAuthHandler.