CVE-2020-8492

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2020-8492
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-8492.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2020-8492
Aliases
Downstream
Related
Published
2020-01-30T19:15:12.103Z
Modified
2025-11-14T03:34:56.870037Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking.

References

Affected packages

Git / github.com/python/cpython

Affected ranges

Type
GIT
Repo
https://github.com/python/cpython
Events
Introduced
5c4568a05a0a62b5947c55f68f9f2ecfb90a4f12
Last affected
02dff8b01100e7cd6d4c93be27202ccb4ea05811
Introduced
fa919fdf2583bdfead1df00e842f24f30b2a34bf
Last affected
1b293b60067f6f4a95984d064ce0f6b6d34c1216
Introduced
1bf9cc509326bc42cd8cb1650eb9bf64550d817e
Last affected
43364a7ae01fbe4288ef42622259a0038ce1edcc
Last affected
c2f86d86e6c8f5fd1ef602128b537a48f3f5c063
Introduced
2e789a1f1d84b343a996e8654590703b5fbdd441
Last affected
e5f6aba872e66bfd86eb592214696a519cded197

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-8492.json"