BIT-python-min-2020-8492
See a problem?- Import Source
- https://github.com/bitnami/vulndb/tree/main/data/python-min/BIT-python-min-2020-8492.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/BIT-python-min-2020-8492
- Aliases
- Published
- 2025-01-16T07:23:43.889Z
- Modified
- 2025-01-17T15:26:01.971Z
- Summary
- [none]
- Details
-
Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking.
- Database specific
{ "cpes": [ "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*" ], "severity": "Medium" }- References
-
- http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00003.html
- https://bugs.python.org/issue39503
- https://github.com/python/cpython/pull/18284
- https://lists.apache.org/thread.html/rdb31a608dd6758c6093fd645aea3fbf022dd25b37109b6aaea5bc0b5%40%3Ccommits.cassandra.apache.org%3E
- https://lists.apache.org/thread.html/rfec113c733162b39633fd86a2d0f34bf42ac35f711b3ec1835c774da%40%3Ccommits.cassandra.apache.org%3E
- https://lists.debian.org/debian-lts-announce/2020/07/msg00011.html
- https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WOKDEXLYW5UQ4S7PA7E37IITOC7C56J/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A5NSAX4SC3V64PGZUPH7PRDLSON34Q5A/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APGWEMYZIY5VHLCSZ3HD67PA5Z2UQFGH/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UESGYI5XDAHJBATEZN3MHNDUBDH47AS6/
- https://python-security.readthedocs.io/vuln/urllib-basic-auth-regex.html
- https://security.gentoo.org/glsa/202005-09
- https://security.netapp.com/advisory/ntap-20200221-0001/
- https://usn.ubuntu.com/4333-1/
- https://usn.ubuntu.com/4333-2/
Affected packages
Bitnami / python-min
Package
- Name
- python-min
- Purl
- pkg:bitnami/python-min
Severity
- 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator