CVE-2020-8492

Updated: 2024-11-23 05:29:22.139705

Description:

Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking.


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x HIGH 7.1
CVSS Version 3.x MEDIUM 6.5

Status

OS name Project name Version Score Severity Status Errata Last updated

Statement

CentOS 6 ELS python 2.6.6 6.5 MEDIUM Released CLSA-2021:1633442879 2022-05-05 12:01:58
CloudLinux 6 ELS python 2.6.6 6.5 MEDIUM Released 2021-12-09 07:57:07
Oracle Linux 6 ELS python 2.6.6 6.5 MEDIUM Released CLSA-2021:1634925483 2021-12-09 07:57:07
Ubuntu 16.04 ELS python2.7 2.7.12 6.5 MEDIUM Already Fixed 2024-07-18 14:54:06
Ubuntu 18.04 ELS python2.7 2.7.17-1 6.5 MEDIUM Already Fixed 2024-07-18 14:23:17