PYSEC-2021-108

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/urllib3/PYSEC-2021-108.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2021-108
Aliases
Published
2021-06-29T11:15:00Z
Modified
2023-11-01T04:55:35.224801Z
Summary
[none]
Details

An issue was discovered in urllib3 before 1.26.5. When provided with a URL containing many @ characters in the authority component, the authority regular expression exhibits catastrophic backtracking, causing a denial of service if a URL were passed as a parameter or redirected to via an HTTP redirect.

References

Affected packages

PyPI / urllib3

Package

Affected ranges

Type
GIT
Repo
https://github.com/urllib3/urllib3
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.26.5

Affected versions

0.*

0.2
0.3
0.3.1
0.4.0
0.4.1

1.*

1.0
1.0.1
1.0.2
1.1
1.2
1.2.1
1.2.2
1.3
1.4
1.5
1.6
1.7
1.7.1
1.8
1.8.2
1.8.3
1.9
1.9.1
1.10
1.10.1
1.10.2
1.10.3
1.10.4
1.11
1.12
1.13
1.13.1
1.14
1.15
1.15.1
1.16
1.17
1.18
1.18.1
1.19
1.19.1
1.20
1.21
1.21.1
1.22
1.23
1.24
1.24.1
1.24.2
1.24.3
1.25
1.25.1
1.25.2
1.25.3
1.25.4
1.25.5
1.25.6
1.25.7
1.25.8
1.25.9
1.25.10
1.25.11
1.26.0
1.26.1
1.26.2
1.26.3
1.26.4