
3332 matches found

OSV
added 2020/01/30 7:15 p.m. · 25 views

CVE-2020-8492

Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking...

6.5 CVSS · 6.8 AI score
Exploits 0 · References 16
NVD
added 2020/01/30 7:15 p.m. · 25 views

CVE-2020-8492

Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking...

7.1 CVSS · 6.9 AI score · 0.06617 EPSS
Exploits 1 · References 16
Prion
added 2020/01/30 7:15 p.m. · 35 views

Code injection

Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking...

7.1 CVSS · 6.7 AI score · 0.06617 EPSS
Exploits 1 · References 16 · Affected Software 5
CVE
added 2020/01/30 12:0 a.m. · 2328 views

CVE-2020-8492

CVE-2020-8492 describes a Regular Expression Denial of Service (ReDoS) in Python’s urllib.request.AbstractBasicAuthHandler that can be triggered by a malicious HTTP server. The vulnerability affects Python 2.7 (up to 2.7.17) and multiple 3.x releases (up to 3.8.1 per the CVE summary). Connected a...

7.1 CVSS · 7 AI score · 0.06617 EPSS
Exploits 1 · References 16 · Affected Software 1
Cvelist
added 2020/01/30 12:0 a.m. · 31 views

CVE-2020-8492

Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking...

7.1 AI score · 0.06617 EPSS
Exploits 1 · References 16
OSV
added 2020/01/30 12:0 a.m. · 24 views

PSF-2020-8 urllib basic auth regex denial of service

Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking...

7.1 CVSS · 6.7 AI score · 0.06617 EPSS
Exploits 1 · References 2
Debian CVE
added 2020/01/30 12:0 a.m. · 48 views

CVE-2020-8492

Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking...

7.1 CVSS · 6.6 AI score · 0.06617 EPSS
Exploits 1
Positive Technologies
added 2020/01/30 12:0 a.m. · 8 views

PT-2020-6268 · Python +9

Name of the Vulnerable Software and Affected Versions: Python versions 2.7 through 2.7.17; Python versions 3.5 through 3.5.9; Python versions 3.6 through 3.6.10; Python versions 3.7 through 3.7.6; Python versions 3.8 through 3.8.1. Description: The issue is related to an uncontrolled consumption of...

10 CVSS · 6.4 AI score · 0.77901 EPSS
Exploits 79 · References 487
AlpineLinux
added 2020/01/30 12:0 a.m. · 37 views

CVE-2020-8492

Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking...

7.1 CVSS · 7.4 AI score · 0.06617 EPSS
Exploits 1
Kitploit
added 2020/01/08 8:35 p.m. · 97 views

Git-Vuln-Finder - Finding Potential Software Vulnerabilities From Git Commit Messages

Finding potential software vulnerabilities from git commit messages. The output format is a JSON with the associated commit which could contain a fix regarding a software vulnerability. The search is based on a set of regular expressions against the commit messages only. If CVE IDs are present,...

7.8 CVSS · 7.2 AI score · 0.21389 EPSS
Exploits 0 · References 5
Veracode
added 2019/12/24 6:7 a.m. · 11 views

Regular Expression Denial Of Service (ReDoS)

vue-moment is vulnerable to regular expression denial of service (ReDoS) attacks. These attacks are possible because it has a vulnerable static dependency which uses a flawed regular expression taking a long time in matching dates for long strings...

2.9 AI score
Exploits 0
FreeBSD
added 2019/11/17 12:0 a.m. · 48 views

Python -- Regular Expression DoS attack against client

Ben Caller and Matt Schwager report: Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler...

7.1 CVSS · 7.4 AI score · 0.06617 EPSS
Exploits 1 · References 2
Veracode
added 2019/11/11 2:21 a.m. · 9 views

Regular Expression Denial Of Service (ReDoS)

diff is vulnerable to regular expression denial of service (ReDoS). The vulnerability exists due to improper use of a regular expression to parse data from the fileHeader parameter in parseFileHeader, allowing an attacker to cause a denial of service condition by submitting a malicious file header...

4 AI score
Exploits 0
Veracode
added 2019/10/18 6:36 a.m. · 33 views

Regular Expression Denial Of Service (ReDoS)

webrick is vulnerable to regex denial of service. An attacker is able to crash the application by submitting malicious strings within the Authorization header to the authentication module...

7.5 CVSS · 7.8 AI score · 0.0499 EPSS
Exploits 0 · References 13 · Affected Software 8
Veracode
added 2019/10/17 12:22 a.m. · 23 views

Denial Of Service (DoS)

OpenJDK is vulnerable to Regular Expression Denial of Service (ReDoS). It is due to unexpected exception thrown during regular expression processing in Nashorn...

4.8 CVSS · 3.2 AI score · 0.03328 EPSS
Exploits 0 · References 20 · Affected Software 3
Metasploit
added 2019/10/09 2:54 p.m. · 33 views

Metasploit HTTP(S) handler DoS

This module exploits the Metasploit HTTPS handler by sending a specially crafted HTTP request that gets added as a resource handler. Resources which come from the external connections are evaluated as RegEx in the handler server. Specially crafted input can trigger Gentle, Soft and Hard DoS. Test...

7.5 CVSS · 6.9 AI score · 0.41688 EPSS
Exploits 2
Veracode
added 2019/10/03 9:21 a.m. · 11 views

Regular Expression Denial Of Service (ReDoS)

mimer is vulnerable to regular expression denial of service (ReDoS). The function extGetter uses an incorrect regular expression to split file path input from the user, causing an application crash via intensive CPU and memory consumption when parsing a malicious file path...

5 AI score
Exploits 0
Positive Technologies
added 2019/09/21 12:0 a.m. · 8 views

PT-2019-5583 · Python +10

Name of the Vulnerable Software and Affected Versions: Python versions 2.7.16 and earlier, 3.x through 3.6.9, and 3.7.x through 3.7.4. Description: The issue is related to the documentation XML-RPC server in Python, which is vulnerable to cross-site scripting (XSS) attacks via the server title field...

10 CVSS · 6.6 AI score · 0.73327 EPSS
Exploits 75 · References 585
Github Security Blog
added 2019/08/23 12:4 a.m. · 10 views

Denial of Service in rgb2hex

All versions of rgb2hex are vulnerable to Regular Expression Denial of Service (ReDoS) when an attacker can pass in a specially crafted invalid color value. Recommendation: Update to version 0.1.6 or later...

5.9 AI score
Exploits 0 · References 5 · Affected Software 1
Veracode
added 2019/08/02 9:44 a.m. · 24 views

Regular Expression Denial Of Service (ReDoS)

Django is vulnerable to regular expression denial of service (ReDoS). The attack is due to lack of validation of inputs to a regular expression in django.utils.text.Truncator's chars and words methods, eventually causing an application crash if the input html=True is provided...

7.5 CVSS · 5.1 AI score · 0.03531 EPSS
Exploits 0 · References 15 · Affected Software 2