6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
7.1 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:N/I:N/A:C
python is vulnerable to denial of service (DoS). The vulnerability exists because of the urllib.request.AbstractBasicAuthHandler
catastrophic backtracking.
lists.opensuse.org/opensuse-security-announce/2020-03/msg00003.html
bugs.python.org/issue39503
github.com/python/cpython/pull/18284
lists.apache.org/thread.html/rdb31a608dd6758c6093fd645aea3fbf022dd25b37109b6aaea5bc0b5@%3Ccommits.cassandra.apache.org%3E
lists.apache.org/thread.html/rfec113c733162b39633fd86a2d0f34bf42ac35f711b3ec1835c774da@%3Ccommits.cassandra.apache.org%3E
lists.debian.org/debian-lts-announce/2020/07/msg00011.html
lists.fedoraproject.org/archives/list/[email protected]/message/7WOKDEXLYW5UQ4S7PA7E37IITOC7C56J/
lists.fedoraproject.org/archives/list/[email protected]/message/A5NSAX4SC3V64PGZUPH7PRDLSON34Q5A/
lists.fedoraproject.org/archives/list/[email protected]/message/APGWEMYZIY5VHLCSZ3HD67PA5Z2UQFGH/
lists.fedoraproject.org/archives/list/[email protected]/message/UESGYI5XDAHJBATEZN3MHNDUBDH47AS6/
python-security.readthedocs.io/vuln/urllib-basic-auth-regex.html
security.gentoo.org/glsa/202005-09
security.netapp.com/advisory/ntap-20200221-0001/
usn.ubuntu.com/4333-1/
usn.ubuntu.com/4333-2/
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
7.1 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:N/I:N/A:C