CVE-2020-7212

2020-03-06 00:00:00
ubuntu.com

CVSS3: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS2: 7.8 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: COMPLETE
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

EPSS: 0.002 Low
Percentile: 58.3%

The _encode_invalid_chars function in util/url.py in the urllib3 library
1.25.2 through 1.25.7 for Python allows a denial of service (CPU
consumption) because of an inefficient algorithm. The percent_encodings
array contains all matches of percent encodings. It is not deduplicated.
For a URL of length N, the size of percent_encodings may be up to O(N). The
next step (normalize existing percent-encoded bytes) also takes up to O(N)
for each step, so the total time is O(N^2). If percent_encodings were
deduplicated, the time to compute _encode_invalid_chars would be O(kN),
where k is at most 484 ((10+6*2)^2).

Notes

Author Note
leosilva: Introduced by a74c9cfbaed9f811e7563cfc3dce894928e0221a, fixed by a2697e7c6b275f05879b60f593c5854a816489f0. Introduced in 1.25.2 and fixed in 1.25.8.
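The complexity problem in the description, and the version range in the note, as an added example that is not urllib3's own code: a simplified stand-in for the percent-encoding normalisation loop in its pre-fix shape (one full-string pass per match, duplicates included) beside the deduplicated shape (one pass per distinct encoding, so at most 484 passes), plus a version-range check built from the introduced/fixed versions above. The function names, the regular expression and the sample input are constructed for this illustration and are not taken from the library.

```python
import re

# Added illustration, not urllib3's code. It mirrors the algorithm described for
# CVE-2020-7212: collect every percent-encoding in a URL component, then
# normalise each one, comparing the per-match loop with a deduplicated loop.
PERCENT_RE = re.compile(r"%[0-9a-fA-F]{2}")

# Each hex position has 10 digits + 6 letters in 2 cases = 22 symbols, so there
# are at most 22**2 = 484 distinct "%XX" strings (the k from the description).
MAX_DISTINCT_ENCODINGS = (10 + 6 * 2) ** 2


def normalize_quadratic(component):
    """Pre-fix shape: one full-string pass per match, duplicates included.

    A component holding N copies of the same encoding yields N list entries,
    and each replace() rescans the whole string, so the work grows as O(N^2).
    Returns the normalised component and the number of passes taken.
    """
    percent_encodings = PERCENT_RE.findall(component)  # not deduplicated
    passes = 0
    for enc in percent_encodings:
        component = component.replace(enc, enc.upper())  # O(N) per pass
        passes += 1
    return component, passes


def normalize_dedup(component):
    """Fixed shape: deduplicate first, so the pass count is bounded by the
    alphabet (at most 484) rather than by the input length: O(kN)."""
    percent_encodings = set(PERCENT_RE.findall(component))
    passes = 0
    for enc in percent_encodings:
        component = component.replace(enc, enc.upper())
        passes += 1
    assert passes <= MAX_DISTINCT_ENCODINGS
    return component, passes


def build_component(repeats):
    """Constructed test input: a path with many copies of one lower-case encoding."""
    return "/search?q=" + "%2f" * repeats


def is_affected(version):
    """Range check from the note: introduced in 1.25.2, fixed in 1.25.8.
    Assumes a plain dotted numeric version string such as "1.25.7"."""
    parts = tuple(int(p) for p in version.split("."))
    return (1, 25, 2) <= parts <= (1, 25, 7)


if __name__ == "__main__":
    sample = build_component(2000)
    slow, slow_passes = normalize_quadratic(sample)
    fast, fast_passes = normalize_dedup(sample)
    assert slow == fast  # same result, very different amount of work
    print(f"passes: per-match={slow_passes}, deduplicated={fast_passes}")
    for v in ("1.25.1", "1.25.2", "1.25.7", "1.25.8"):
        print(v, "affected" if is_affected(v) else "not affected")
```

Both functions return identical output; only the pass count differs, which is the whole point of the fix: the deduplicated loop does work proportional to the number of distinct encodings present, never to the length of the URL. The version check is deliberately simple and expects dotted numeric versions only.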
