Description

There is a LOW severity vulnerability affecting CPython, specifically the 'http.cookies' standard library module. When parsing cookies that contained backslashes for quoted characters in the cookie value, the parser would use an algorithm with quadratic complexity, resulting in excess CPU resources being used while parsing the value.

Remediation

References

CVE-2024-7592

Related Vulnerabilities

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-5340)

WordPress Plugin Flexible Checkout Fields for WooCommerce Security Bypass (2.3.1)

PHP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2017-11628)

Oracle Application Server CVE-2008-7237 Vulnerability (CVE-2008-7237)

WordPress Plugin PropertyHive Remote Code Execution (1.4.25)

Severity

High

Classification

CVE-2024-7592 CWE-1333 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Tags

Missing Update Known Vulnerabilities