2 matches found
BIT-LIBPYTHON-2021-3733
There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client such as web browser connects to, could trigger a Regular Expression Denial of Service ReDOS during an authentication request with a specially crafted payload that is sen...
K000149880: Python vulnerabilities CVE-2021-3733, CVE-2021-3426, CVE-2021-23336, and CVE-2020-8492
Security Advisory Description CVE-2021-3733 There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client such as web browser connects to, could trigger a Regular Expression Denial of Service ReDOS during an authentication request...