Veracode Vulnerability DatabaseVERACODE:30782Denial Of Service (DoS)
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
urllib3 is vulnerable to denial of service. An attacker is able to send a URL containing many @ characters in the authority component as a parameter or redirected to via an HTTP redirect, causing catastrophic backtracking and a denial of service.
References
github.com/advisories/GHSA-q2q7-5pp4-w6pg
github.com/urllib3/urllib3/commit/2d4a3fee6de2fa45eb82169361918f759269b4ec
github.com/urllib3/urllib3/security/advisories/GHSA-q2q7-5pp4-w6pg
lists.fedoraproject.org/archives/list/[email protected]/message/6SCV7ZNAHS3E6PBFLJGENCDRDRWRZZ6W/
lists.fedoraproject.org/archives/list/[email protected]/message/FMUGWEAUYGGHTPPXT6YBD53WYXQGVV73/
security.gentoo.org/glsa/202107-36
www.oracle.com/security-alerts/cpuoct2021.html
Related
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P