BIT-python-2020-8492
See a problem?- Import Source
- https://github.com/bitnami/vulndb/tree/main/data/python/BIT-python-2020-8492.json
- JSON Data
- https://api.osv.dev/v1/vulns/BIT-python-2020-8492
- Aliases
- Published
- 2024-03-06T11:07:08.066Z
- Modified
- 2024-03-06T11:25:28.861Z
- Summary
- [none]
- Details
-
Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking.
- References
-
- http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00003.html
- https://bugs.python.org/issue39503
- https://github.com/python/cpython/pull/18284
- https://lists.apache.org/thread.html/rdb31a608dd6758c6093fd645aea3fbf022dd25b37109b6aaea5bc0b5%40%3Ccommits.cassandra.apache.org%3E
- https://lists.apache.org/thread.html/rfec113c733162b39633fd86a2d0f34bf42ac35f711b3ec1835c774da%40%3Ccommits.cassandra.apache.org%3E
- https://lists.debian.org/debian-lts-announce/2020/07/msg00011.html
- https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WOKDEXLYW5UQ4S7PA7E37IITOC7C56J/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A5NSAX4SC3V64PGZUPH7PRDLSON34Q5A/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APGWEMYZIY5VHLCSZ3HD67PA5Z2UQFGH/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UESGYI5XDAHJBATEZN3MHNDUBDH47AS6/
- https://python-security.readthedocs.io/vuln/urllib-basic-auth-regex.html
- https://security.gentoo.org/glsa/202005-09
- https://security.netapp.com/advisory/ntap-20200221-0001/
- https://usn.ubuntu.com/4333-1/
- https://usn.ubuntu.com/4333-2/
Affected packages
Bitnami / python
Package
- Name
- python
- Purl
- pkg:bitnami/python
Severity
- 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator