Description

Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking.

Remediation

References

CVE-2020-8492

Related Vulnerabilities

WordPress Plugin Donation Forms by Charitable-Donations & Fundraising Platform for WordPress Cross-Site Scripting (1.7.0.10)

phpBB Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2007-5688)

Apache Tomcat Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2013-6357)

Oracle Application Server CVE-2008-2583 Vulnerability (CVE-2008-2583)

WordPress Plugin Fetch Tweets Cross-Site Scripting (2.6.4)

Severity

Medium

Classification

CVE-2020-8492 CWE-400 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Tags

Missing Update Known Vulnerabilities