Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

CVE ID:CVE-2020-8492
Description:Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking.
Test IDs: 1.3.6.1.4.1.25623.1.1.2.2020.1295   1.3.6.1.4.1.25623.1.1.2.2020.1296   1.3.6.1.4.1.25623.1.0.113638   1.3.6.1.4.1.25623.1.1.2.2020.1321   1.3.6.1.4.1.25623.1.0.113637   1.3.6.1.4.1.25623.1.0.113639   1.3.6.1.4.1.25623.1.0.878055   1.3.6.1.4.1.25623.1.0.877895   1.3.6.1.4.1.25623.1.0.877872   1.3.6.1.4.1.25623.1.0.878038   1.3.6.1.4.1.25623.1.0.844416   1.3.6.1.4.1.25623.1.0.844398   1.3.6.1.4.1.25623.1.1.4.2020.3865.1   1.3.6.1.4.1.25623.1.1.4.2020.14306.1  
Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2020-8492
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7WOKDEXLYW5UQ4S7PA7E37IITOC7C56J/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UESGYI5XDAHJBATEZN3MHNDUBDH47AS6/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/APGWEMYZIY5VHLCSZ3HD67PA5Z2UQFGH/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5NSAX4SC3V64PGZUPH7PRDLSON34Q5A/
https://security.gentoo.org/glsa/202005-09
https://bugs.python.org/issue39503
https://github.com/python/cpython/pull/18284
https://python-security.readthedocs.io/vuln/urllib-basic-auth-regex.html
https://lists.apache.org/thread.html/rdb31a608dd6758c6093fd645aea3fbf022dd25b37109b6aaea5bc0b5@%3Ccommits.cassandra.apache.org%3E
https://lists.apache.org/thread.html/rfec113c733162b39633fd86a2d0f34bf42ac35f711b3ec1835c774da@%3Ccommits.cassandra.apache.org%3E
https://lists.debian.org/debian-lts-announce/2020/07/msg00011.html
SuSE Security Announcement: openSUSE-SU-2020:0274 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00003.html
https://usn.ubuntu.com/4333-1/
https://usn.ubuntu.com/4333-2/




© 1998-2024 E-Soft Inc. All rights reserved.