SecPod SCAP Repo, a repository of SCAP Content (CVE, CCE, CPE, CWE, OVAL and XCCDF)

Download | Alert*

CVE

CVE-2020-8492

Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:		CVSS V2 Severity:
CVSS Score : 6.5		CVSS Score : 7.1
Exploit Score: 2.8		Exploit Score: 8.6
Impact Score: 3.6		Impact Score: 6.9

CVSS V3 Metrics:		CVSS V2 Metrics:
Attack Vector: NETWORK		Access Vector: NETWORK
Attack Complexity: LOW		Access Complexity: MEDIUM
Privileges Required: NONE		Authentication: NONE
User Interaction: REQUIRED		Confidentiality: NONE
Scope: UNCHANGED		Integrity: NONE
Confidentiality: NONE		Availability: COMPLETE
Integrity: NONE
Availability: HIGH

Reference:

FEDORA-2020-6a88dad4a0

FEDORA-2020-8bdd3fd7a4

FEDORA-2020-98e0f0f11b

FEDORA-2020-ea5bdbcc90

GLSA-202005-09

USN-4333-1

USN-4333-2

https://lists.apache.org/thread.html/rdb31a608dd6758c6093fd645aea3fbf022dd25b37109b6aaea5bc0b5%40%3Ccommits.cassandra.apache.org%3E

https://lists.apache.org/thread.html/rfec113c733162b39633fd86a2d0f34bf42ac35f711b3ec1835c774da%40%3Ccommits.cassandra.apache.org%3E

https://lists.debian.org/debian-lts-announce/2020/07/msg00011.html

https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html

https://bugs.python.org/issue39503

https://github.com/python/cpython/pull/18284

https://python-security.readthedocs.io/vuln/urllib-basic-auth-regex.html

https://security.netapp.com/advisory/ntap-20200221-0001/

openSUSE-SU-2020:0274


30430



423868



247621



909



194512



282