GoogleOSV:GHSA-V3C5-JQR6-7QM8Python Charmers Future denial of service vulnerability
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.004 Low
EPSS
Percentile
74.4%
An issue discovered in Python Charmers Future 0.18.2 and earlier allows remote attackers to cause a denial of service via crafted Set-Cookie header from malicious web server. This issue has been patched in version 0.18.3.
References
github.com/python/cpython/pull/17157
github.com/PythonCharmers/python-future
github.com/PythonCharmers/python-future/blob/master/src/future/backports/http/cookiejar.py#L215
github.com/PythonCharmers/python-future/commit/c91d70b34ef0402aef3e9d04364ba98509dca76f
github.com/PythonCharmers/python-future/pull/610
nvd.nist.gov/vuln/detail/CVE-2022-40899
pypi.org/project/future
pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages
Related
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.004 Low
EPSS
Percentile
74.4%