PSF-2022-6.json

{
  "modified": "2023-08-25T16:05:33Z",
  "published": "2022-03-07T00:00:00Z",
  "schema_version": "1.5.0",
  "id": "PSF-2022-6",
  "aliases": [
    "CVE-2021-3733"
  ],
  "summary": "CVE-2021-3733: ReDoS in urllib.request",
  "details": "There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as web browser) connects to, could trigger a Regular Expression Denial of Service (ReDOS) during an authentication request with a specially crafted payload that is sent by the server to the client. The greatest threat that this flaw poses is to application availability.",
  "affected": [
    {
      "ranges": [
        {
          "type": "GIT",
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3fbe96123aeb66664fa547a8f6022efa2dc8788f"
            },
            {
              "fixed": "7215d1ae25525c92b026166f9d5cac85fb1defe1"
            },
            {
              "fixed": "a21d4fbd549ec9685068a113660553d7f80d9b09"
            },
            {
              "fixed": "ada14995870abddc277addf57dd690a2af04c2da"
            },
            {
              "fixed": "e7654b6046090914a8323931ed759a94a5f85d60"
            }
          ],
          "repo": "https://github.com/python/cpython"
        }
      ]
    }
  ],
  "database_specific": {
    "cwe_ids": []
  },
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/security/cve/cve-2021-3733"
    },
    {
      "type": "REPORT",
      "url": "https://bugs.python.org/issue43075"
    }
  ]
}