CVE-2020-8492

Source
https://nvd.nist.gov/vuln/detail/CVE-2020-8492
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-8492.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2020-8492
Aliases
Downstream
Related
Published
2020-01-30T19:15:12Z
Modified
2025-08-11T14:44:39.213480Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking.

References