cpython.git - https://github.com/python/cpython.git

diff options

author	Yeting Li <liyt@ios.ac.cn>	2021-04-07 11:27:41 (GMT)
committer	GitHub <noreply@github.com>	2021-04-07 11:27:41 (GMT)
commit	7215d1ae25525c92b026166f9d5cac85fb1defe1 (patch)
tree	c18d81a4f47c91c52e5cc567765576608cad9d62 /Python/compile.c
parent	d36d6a9c1808e87628ebaa855d4bec80130189f4 (diff)
download	cpython-7215d1ae25525c92b026166f9d5cac85fb1defe1.zip cpython-7215d1ae25525c92b026166f9d5cac85fb1defe1.tar.gz cpython-7215d1ae25525c92b026166f9d5cac85fb1defe1.tar.bz2

bpo-43075: Fix ReDoS in urllib AbstractBasicAuthHandler (GH-24391)

Fix Regular Expression Denial of Service (ReDoS) vulnerability in urllib.request.AbstractBasicAuthHandler. The ReDoS-vulnerable regex has quadratic worst-case complexity and it allows cause a denial of service when identifying crafted invalid RFCs. This ReDoS issue is on the client side and needs remote attackers to control the HTTP server.

Diffstat (limited to 'Python/compile.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: