]> git.ipfire.org Git - thirdparty/Python/cpython.git/commit
projects / thirdparty / Python / cpython.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: d36d6a9) | patch
bpo-43075: Fix ReDoS in urllib AbstractBasicAuthHandler (GH-24391)
authorYeting Li <liyt@ios.ac.cn>
Wed, 7 Apr 2021 11:27:41 +0000 (19:27 +0800)
committerGitHub <noreply@github.com>
Wed, 7 Apr 2021 11:27:41 +0000 (13:27 +0200)
commit7215d1ae25525c92b026166f9d5cac85fb1defe1
treec18d81a4f47c91c52e5cc567765576608cad9d62tree | snapshot
parentd36d6a9c1808e87628ebaa855d4bec80130189f4commit | diff
bpo-43075: Fix ReDoS in urllib AbstractBasicAuthHandler (GH-24391)

Fix Regular Expression Denial of Service (ReDoS) vulnerability in
urllib.request.AbstractBasicAuthHandler. The ReDoS-vulnerable regex
has quadratic worst-case complexity and it allows cause a denial of
service when identifying crafted invalid RFCs. This ReDoS issue is on
the client side and needs remote attackers to control the HTTP server.
Lib/urllib/request.py diff | blob | blame | history
Misc/NEWS.d/next/Security/2021-01-31-05-28-14.bpo-43075.DoAXqO.rst [new file with mode: 0644] blob
Mirror of https://github.com/python/cpython.git