Description

Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking.

Remediation

References

CVE-2020-8492

Related Vulnerabilities

Apache Tomcat Other Vulnerability (CVE-2006-7197)

GeoServer Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-23818)

WordPress Plugin GD Star Rating 'tpl_section' Parameter Cross-Site Scripting (1.9.16)

MediaWiki Other Vulnerability (CVE-2007-0894)

WordPress Plugin Users to CSV Cross-Site Request Forgery (1.4.5)

Severity

Medium

Classification

CVE-2020-8492 CWE-400 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Tags

Missing Update Known Vulnerabilities