exploitDog
CVE-2021-3733

Published: 10 Mar 2022
Source: debian

Description

There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as web browser) connects to, could trigger a Regular Expression Denial of Service (ReDOS) during an authentication request with a specially crafted payload that is sent by the server to the client. The greatest threat that this flaw poses is to application availability.

Packages

Package     Status   Fixed version   Release    Type
python3.9   fixed    3.9.7-1                    package
python3.7   removed                             package
python3.5   removed                             package
python2.7   removed                             package
python2.7   ignored                  bullseye   package
pypy3       fixed    7.3.5+dfsg-2               package
pypy3       no-dsa                   buster     package

Notes

  • https://bugs.python.org/issue43075

  • https://github.com/python/cpython/pull/24391

  • https://github.com/python/cpython/commit/7215d1ae25525c92b026166f9d5cac85fb1defe1 (master)

  • https://github.com/python/cpython/commit/a21d4fbd549ec9685068a113660553d7f80d9b09 (3.9.5)

  • https://github.com/python/cpython/commit/e7654b6046090914a8323931ed759a94a5f85d60 (3.8.10)

  • https://github.com/python/cpython/commit/ada14995870abddc277addf57dd690a2af04c2da (3.7.11)

  • https://github.com/python/cpython/commit/3fbe96123aeb66664fa547a8f6022efa2dc8788f (3.6.14)

  • https://github.com/pypy/pypy/commit/d670377acb9e9217c4c21164428ba4b528e5b389 (release-pypy3.7-v7.3.5rc2)

Related vulnerabilities

Source   CVSS3   Published               Description
ubuntu   6.5     more than 3 years ago   (see below)
redhat   6.5     almost 4 years ago      identical to the ubuntu entry
nvd      6.5     more than 3 years ago   identical to the ubuntu entry
msrc     6.5     about 3 years ago       no description
github   6.5     more than 3 years ago   identical to the ubuntu entry

Description carried by the ubuntu, redhat, nvd and github entries:

There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as web browser) connects to, could trigger a Regular Expression Denial of Service (ReDOS) during an authentication request with a specially crafted payload that is sent by the server to the client. The greatest threat that this flaw poses is to application availability.