8000 bpo-43075: Fix ReDoS in request by yetingli · Pull Request #24391 · python/cpython · GitHub
[go: up one dir, main page]
Skip to content

bpo-43075: Fix ReDoS in request #24391

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 7 commits into from
Apr 7, 2021
Merged

bpo-43075: Fix ReDoS in request #24391

Changes from 1 commit
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
86664c9
Fix ReDoS
yetingli Jan 31, 2021
bcb541d
📜🤖 Added by blurb_it.
blurb-it[bot] Jan 31, 2021
d79f2da
Update 2021-01-31-05-28-14.bpo-43075.DoAXqO.rst
yetingli Apr 7, 2021
817a2c6
Update 2021-01-31-05-28-14.bpo-43075.DoAXqO.rst
yetingli Apr 7, 2021
d4d5b82
Update Misc/NEWS.d/next/Security/2021-01-31-05-28-14.bpo-43075.DoAXqO…
yetingli Apr 7, 2021
735fdcb
Update 2021-01-31-05-28-14.bpo-43075.DoAXqO.rst
yetingli Apr 7, 2021
fd9c7fa
Update 2021-01-31-05-28-14.bpo-43075.DoAXqO.rst
yetingli Apr 7, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Update 2021-01-31-05-28-14.bpo-43075.DoAXqO.rst
  • Loading branch information
@yetingli
yetingli authored Apr 7, 2021
commit fd9c7fa4162d61e34759fd7b9dd1561d70e016f2
2 changes: 1 addition & 1 deletion Misc/NEWS.d/next/Security/2021-01-31-05-28-14.bpo-43075.DoAXqO.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1 +1 @@
Fix Regular Expression Denial of Service (ReDoS) vulnerability in :class:`urllib.request.AbstractBasicAuthHandler`. The ReDoS-vulnerable regex has quadratic worst-case complexity and it allows cause a denial of service when identifying crafted invalid RFCs. This ReDoS issue is on the client server and needs remote attackers to control the HTTP server.
Fix Regular Expression Denial of Service (ReDoS) vulnerability in :class:`urllib.request.AbstractBasicAuthHandler`. The ReDoS-vulnerable regex has quadratic worst-case complexity and it allows cause a denial of service when identifying crafted invalid RFCs. This ReDoS issue is on the client side and needs remote attackers to control the HTTP server.
0