CVE-2020-8492
Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking.Enginsight
Vendor | Product | Version |
---|---|---|
python | python | 2.7.0 ≤ 𝑥 ≤ 2.7.17 |
python | python | 3.5.0 ≤ 𝑥 ≤ 3.5.9 |
python | python | 3.6.0 ≤ 𝑥 ≤ 3.6.10 |
python | python | 3.7.0 ≤ 𝑥 ≤ 3.7.6 |
python | python | 3.8.0 ≤ 𝑥 ≤ 3.8.1 |
opensuse | leap | 15.1 |
canonical | ubuntu_linux | 12.04 |
canonical | ubuntu_linux | 14.04 |
canonical | ubuntu_linux | 16.04 |
canonical | ubuntu_linux | 18.04 |
canonical | ubuntu_linux | 19.10 |
canonical | ubuntu_linux | 20.04 |
debian | debian_linux | 9.0 |
Ubuntu Releases
Ubuntu Product | |||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
python2.7 |
| ||||||||||||||||||||||||||
python3.4 |
| ||||||||||||||||||||||||||
python3.5 |
| ||||||||||||||||||||||||||
python3.6 |
| ||||||||||||||||||||||||||
python3.7 |
| ||||||||||||||||||||||||||
python3.8 |
|
Common Weakness Enumeration