6 matches found

RedHat Linux
added 2021/11/16 3:43 p.m., 4 views

python-urllib3: ReDoS in the parsing of authority part of URL

A flaw was found in python-urllib3. When provided with a URL containing many @ characters in the authority component, the authority's regular expression exhibits catastrophic backtracking. This flaw causes a denial of service if a URL is passed as a parameter or redirected via an HTTP redirect. T...

7.5 CVSS, 7.3 AI score, 0.03273 EPSS
Exploits 0, References 5

RedHat Linux
added 2021/11/09 5:54 p.m., 4 views

python-urllib3: ReDoS in the parsing of authority part of URL

A flaw was found in python-urllib3. When provided with a URL containing many @ characters in the authority component, the authority's regular expression exhibits catastrophic backtracking. This flaw causes a denial of service if a URL is passed as a parameter or redirected via an HTTP redirect. T...

7.5 CVSS, 7.3 AI score, 0.03273 EPSS
Exploits 0, References 5

Github Security Blog
added 2021/06/01 9:19 p.m., 86 views

Catastrophic backtracking in URL authority parser when passed URL containing many @ characters

Impact: When provided with a URL containing many @ characters in the authority component the authority regular expression exhibits catastrophic backtracking causing a denial of service if a URL were passed as a parameter or redirected to via an HTTP redirect. Patches: The issue has been fixed in...

7.5 CVSS, 6.8 AI score, 0.03273 EPSS
Exploits 0, References 10, Affected Software 1

OSV
added 2021/06/01 9:19 p.m., 3 views

GHSA-Q2Q7-5PP4-W6PG Catastrophic backtracking in URL authority parser when passed URL containing many @ characters

Impact: When provided with a URL containing many @ characters in the authority component the authority regular expression exhibits catastrophic backtracking causing a denial of service if a URL were passed as a parameter or redirected to via an HTTP redirect. Patches: The issue has been fixed in...

8.7 CVSS, 6.8 AI score, 0.03273 EPSS
Exploits 0, References 11

Positive Technologies
added 2020/06/11 12:0 a.m., 6 views

PT-2021-6018

Name of the Vulnerable Software and Affected Versions: urllib3 versions prior to 1.26.5. Description: The issue is related to an HTTP client vulnerability in Python urllib3, which is associated with uncontrolled resource consumption. Exploitation of the vulnerability may allow a remote attacker to...

8.7 CVSS, 7.1 AI score, 0.03273 EPSS
Exploits 0 References 120

OSV
added 2016/12/22 9:59 p.m., 1 views

DEBIAN-CVE-2016-9179

lynx: It was found that Lynx doesn't parse the authority component of the URL correctly when the host name part ends with '?', and could instead be tricked into connecting to a different host...

7.5 CVSS, 6.8 AI score, 0.01987 EPSS
Exploits 0, References 1