diff options
author | Yeting Li <liyt@ios.ac.cn> | 2021-04-07 11:27:41 (GMT) |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-04-07 11:27:41 (GMT) |
commit | 7215d1ae25525c92b026166f9d5cac85fb1defe1 (patch) | |
tree | c18d81a4f47c91c52e5cc567765576608cad9d62 /Python/compile.c | |
parent | d36d6a9c1808e87628ebaa855d4bec80130189f4 (diff) | |
download | cpython-7215d1ae25525c92b026166f9d5cac85fb1defe1.zip cpython-7215d1ae25525c92b026166f9d5cac85fb1defe1.tar.gz cpython-7215d1ae25525c92b026166f9d5cac85fb1defe1.tar.bz2 |
bpo-43075: Fix ReDoS in urllib AbstractBasicAuthHandler (GH-24391)
Fix Regular Expression Denial of Service (ReDoS) vulnerability in
urllib.request.AbstractBasicAuthHandler. The ReDoS-vulnerable regex
has quadratic worst-case complexity and it allows cause a denial of
service when identifying crafted invalid RFCs. This ReDoS issue is on
the client side and needs remote attackers to control the HTTP server.
Diffstat (limited to 'Python/compile.c')
0 files changed, 0 insertions, 0 deletions