CVE-2020-8492
30.01.2020, 19:15
Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking.Enginsight
Vendor | Product | Version |
---|---|---|
python | python | 2.7.0 ≤ 𝑥 ≤ 2.7.17 |
python | python | 3.5.0 ≤ 𝑥 ≤ 3.5.9 |
python | python | 3.6.0 ≤ 𝑥 ≤ 3.6.10 |
python | python | 3.7.0 ≤ 𝑥 ≤ 3.7.6 |
python | python | 3.8.0 ≤ 𝑥 ≤ 3.8.1 |
opensuse | leap | 15.1 |
canonical | ubuntu_linux | 12.04 |
canonical | ubuntu_linux | 14.04 |
canonical | ubuntu_linux | 16.04 |
canonical | ubuntu_linux | 18.04 |
canonical | ubuntu_linux | 19.10 |
canonical | ubuntu_linux | 20.04 |
debian | debian_linux | 9.0 |
𝑥
= Vulnerable software versions

Ubuntu Releases
Ubuntu Product | |||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
python2.7 |
| ||||||||||||||||||||||||||
python3.4 |
| ||||||||||||||||||||||||||
python3.5 |
| ||||||||||||||||||||||||||
python3.6 |
| ||||||||||||||||||||||||||
python3.7 |
| ||||||||||||||||||||||||||
python3.8 |
|
References