CVE-2021-3733
published 2022-03-10


Severity: medium, 6.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as a web browser) connects to could trigger a Regular Expression Denial of Service (ReDoS) during an authentication request with a specially crafted payload that is sent by the server to the client. The greatest threat that this flaw poses is to application availability.

Affected

30 ranges, showing 25

Vendor        | Product                                   | Version range                    | Fixed in
debian        | pypy3                                     | < pypy3 7.3.5+dfsg-2 (bookworm)  | pypy3 7.3.5+dfsg-2 (bookworm)
debian        | python2.7                                 | < pypy3 7.3.5+dfsg-2 (bookworm)  | pypy3 7.3.5+dfsg-2 (bookworm)
debian        | python3.9                                 | < pypy3 7.3.5+dfsg-2 (bookworm)  | pypy3 7.3.5+dfsg-2 (bookworm)
fedoraproject | extra_packages_for_enterprise_linux       |                                  |
fedoraproject | fedora                                    |                                  |
fedoraproject | fedora                                    |                                  |
fedoraproject | fedora                                    |                                  |
fedoraproject | fedora                                    |                                  |
msrc          | cbl_mariner_1.0_arm                       |                                  |
msrc          | cbl_mariner_1.0_x64                       |                                  |
msrc          | cm1_python2_2.7.18-10_on_cbl_mariner_1.0  |                                  |
python        | python                                    | < 3.6.14                         | 3.6.14
python        | python                                    |                                  |
python        | python                                    |                                  |
python        | python                                    | >= 3.7.0 < 3.7.11                | 3.7.11
python        | python                                    | >= 3.8.0 < 3.8.10                | 3.8.10
python        | python                                    | >= 3.9.0 < 3.9.5                 | 3.9.5
redhat        | codeready_linux_builder                   |                                  |
redhat        | codeready_linux_builder_for_ibm_z_systems |                                  |
redhat        | codeready_linux_builder_for_power_little_endian |                            |
redhat        | enterprise_linux                          |                                  |
redhat        | enterprise_linux_eus                      |                                  |
redhat        | enterprise_linux_for_ibm_z_systems        |                                  |
redhat        | enterprise_linux_for_ibm_z_systems_eus    |                                  |
redhat        | enterprise_linux_for_power_little_endian  |                                  |

CVSS provenance

Source | CVSS version | Score | Severity | Vector
nvd    | v3.1         | 6.5   | MEDIUM   | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
osv    |              | 7.6   | HIGH     |