2 matches found
python-urllib3: ReDoS in the parsing of authority part of URL
A flaw was found in python-urllib3. When provided with a URL containing many @ characters in the authority component, the authority's regular expression exhibits catastrophic backtracking. This flaw causes a denial of service if a URL is passed as a parameter or redirected via an HTTP redirect. T...
PT-2021-6018 · Python +10 · Urllib3 +10
Name of the Vulnerable Software and Affected Versions: urllib3 versions prior to 1.26.5
Description: The issue is related to an HTTP client vulnerability in Python urllib3, which is associated with uncontrolled resource consumption. Exploitation of the vulnerability may allow a remote attacker to...