Lucene search

CVE-2021-3733

🗓️ 10 Mar 2022 17:59:42Reported by redhatType

cve🔗 web.nvd.nist.gov📰️ 6 Media mentions👁 753 Views

Flaw in urllib's AbstractBasicAuthHandler class, leading to ReDOS during authentication

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 199
RedhatCVE	CVE-2021-3733	31 Aug 202115:31	–	redhatcve
NVD	CVE-2021-3733	10 Mar 202217:42	–	nvd
AlmaLinux	Moderate: python3 security update	2 Nov 202107:48	–	almalinux
AlmaLinux	Moderate: python38:3.8 and python38-devel:3.8 security update	10 May 202206:23	–	almalinux
AlmaLinux	Moderate: python27:2.7 security update	10 May 202208:02	–	almalinux
AlmaLinux	Moderate: python39:3.9 and python39-devel:3.9 security update	9 Nov 202108:26	–	almalinux
Tenable Nessus	CentOS 8 : python3 (CESA-2021:4057)	3 Nov 202100:00	–	nessus
Tenable Nessus	RHEL 8 : python3 (RHSA-2021:4057)	2 Nov 202100:00	–	nessus
Tenable Nessus	Oracle Linux 8 : python3 (ELSA-2021-4057)	2 Nov 202100:00	–	nessus
Tenable Nessus	Linux Distros Unpatched Vulnerability : CVE-2021-3733	5 Mar 202500:00	–	nessus

Nvd

Vulners

Node

python pythonRange<3.6.14

python pythonRange3.7.0–3.7.11

python pythonRange3.8.0–3.8.10

python pythonRange3.9.0–3.9.5

python pythonMatch3.10.0-

Node

redhat codeready_linux_builderMatch8.0

redhat codeready_linux_builder_for_ibm_z_systemsMatch8.0

redhat codeready_linux_builder_for_power_little_endianMatch8.0

redhat enterprise_linuxMatch8.0

redhat enterprise_linux_eusMatch8.4

redhat enterprise_linux_for_ibm_z_systemsMatch8.0

redhat enterprise_linux_for_ibm_z_systems_eusMatch8.4

redhat enterprise_linux_for_power_little_endianMatch8.0

redhat enterprise_linux_for_power_little_endian_eusMatch8.4

redhat enterprise_linux_server_ausMatch8.4

redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutionsMatch8.4

redhat enterprise_linux_server_tusMatch8.4

redhat enterprise_linux_server_update_services_for_sap_solutionsMatch8.4

Node

fedoraproject extra_packages_for_enterprise_linuxMatch7.0

fedoraproject fedoraMatch33

fedoraproject fedoraMatch34

fedoraproject fedoraMatch35

fedoraproject fedoraMatch36

Node

netapp management_services_for_element_software_and_netapp_hciMatch-

netapp ontap_select_deploy_administration_utilityMatch-

netapp solidfire,_enterprise_sds_&_hci_storage_nodeMatch-

netapp hci_compute_node_firmwareMatch-

[
  {
    "vendor": "n/a",
    "product": "python",
    "versions": [
      {
        "version": "Fixed in python v3.6.14, python v3.7.11, python v3.8.10, python v3.9.5.",
        "status": "affected"
      }
    ]
  }
]

Source	Link
security	www.security.netapp.com/advisory/ntap-20220407-0001/
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
bugs	www.bugs.python.org/issue43075
lists	www.lists.debian.org/debian-lts-announce/2023/05/msg00024.html
github	www.github.com/python/cpython/commit/7215d1ae25525c92b026166f9d5cac85fb
ubuntu	www.ubuntu.com/security/CVE-2021-3733
lists	www.lists.debian.org/debian-lts-announce/2023/06/msg00039.html
github	www.github.com/python/cpython/pull/24391

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

10 Mar 2022 17:42Current

7.1High risk

Vulners AI Score7.1

CVSS24

CVSS36.5

EPSS0.00439

CWE-400