When provided with a URL containing many @ characters in the authority component the authority regular expression exhibits catastrophic backtracking causing a denial of service if a URL were passed as a parameter or redirected to via an HTTP redirect.
Impact
When provided with a URL containing many
@characters in the authority component the authority regular expression exhibits catastrophic backtracking causing a denial of service if a URL were passed as a parameter or redirected to via an HTTP redirect.Patches
The issue has been fixed in urllib3 v1.26.5.
References
For more information
If you have any questions or comments about this advisory:
References