Updated: 2025-11-19 05:39:55.088039
Description:
There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as web browser) connects to, could trigger a Regular Expression Denial of Service (ReDOS) during an authentication request with a specially crafted payload that is sent by the server to the client. The greatest threat that this flaw poses is to application availability.
| Links | NIST | CIRCL | RHEL | Ubuntu |
| Severity | Score | |
|---|---|---|
| CVSS Version 2.x | MEDIUM | 4.0 |
| CVSS Version 3.x | MEDIUM | 6.5 |
| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| Ubuntu 16.04 ELS | python2.7 | 2.7.12 | 6.5 | MEDIUM | Released | CLSA-2024:1723146030 | 2024-08-08 17:59:16 | |
| Ubuntu 18.04 ELS | python2.7 | 2.7.17-1 | 6.5 | MEDIUM | Released | CLSA-2024:1722527236 | 2024-08-01 11:57:19 | |
| Ubuntu 18.04 ELS | python3.6 | 3.6.9-1 | 6.5 | MEDIUM | Already Fixed | 2024-07-18 14:42:01 |