AZL-6821

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-6821.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-6821

Upstream

CVE-2021-33503

Published

2021-06-29T11:15:07Z

Modified

2026-04-01T05:21:22.302243Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

CVE-2021-33503 affecting package python-urllib3 for versions less than 1.25.9-3

Details

An issue was discovered in urllib3 before 1.26.5. When provided with a URL containing many @ characters in the authority component, the authority regular expression exhibits catastrophic backtracking, causing a denial of service if a URL were passed as a parameter or redirected to via an HTTP redirect.

References

https://nvd.nist.gov/vuln/detail/CVE-2021-33503

Affected packages

Azure Linux:2 / python-urllib3

Package

Name: python-urllib3
Purl: pkg:rpm/azure-linux/python-urllib3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.25.9-3

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-6821.json"