QwikSec

Security Database

CVE

CWE

Training

CVE-2020-8492

Published: Jan 30, 2020

Modified: Aug 4, 2024

PUBLISHED

Description

Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://bugs.python.org/issue39503

https://python-security.readthedocs.io/vuln/urllib-basic-auth-regex.html

https://github.com/python/cpython/pull/18284

https://security.netapp.com/advisory/ntap-20200221-0001/

openSUSE-SU-2020:0274

vendor-advisory

vendor-advisory

vendor-advisory

vendor-advisory

FEDORA-2020-98e0f0f11b

vendor-advisory

FEDORA-2020-6a88dad4a0

vendor-advisory

FEDORA-2020-8bdd3fd7a4

vendor-advisory

FEDORA-2020-ea5bdbcc90

vendor-advisory

[debian-lts-announce] 20200715 [SECURITY] [DLA 2280-1] python3.5 security update

mailing-list

[cassandra-commits] 20210816 [jira] [Created] (CASSANDRA-16857) Security vulnerability CVE-2020-8492

mailing-list

[cassandra-commits] 20210816 [jira] [Updated] (CASSANDRA-16857) Security vulnerability CVE-2020-8492

mailing-list

[debian-lts-announce] 20230524 [SECURITY] [DLA 3432-1] python2.7 security update

mailing-list

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.