CVE-2020-8492

2020-01-30T19:15:00
ID CVE-2020-8492
Type cve
Reporter cve@mitre.org
Modified 2020-07-15T12:15:00

Description

Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking.