-
Notifications
You must be signed in to change notification settings - Fork 2
/
PSF-2022-6.json
54 lines (54 loc) · 1.6 KB
/
PSF-2022-6.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
{
"modified": "2023-08-25T16:05:33Z",
"published": "2022-03-07T00:00:00Z",
"schema_version": "1.5.0",
"id": "PSF-2022-6",
"aliases": [
"CVE-2021-3733"
],
"summary": "CVE-2021-3733: ReDoS in urllib.request",
"details": "There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as web browser) connects to, could trigger a Regular Expression Denial of Service (ReDOS) during an authentication request with a specially crafted payload that is sent by the server to the client. The greatest threat that this flaw poses is to application availability.",
"affected": [
{
"ranges": [
{
"type": "GIT",
"events": [
{
"introduced": "0"
},
{
"fixed": "3fbe96123aeb66664fa547a8f6022efa2dc8788f"
},
{
"fixed": "7215d1ae25525c92b026166f9d5cac85fb1defe1"
},
{
"fixed": "a21d4fbd549ec9685068a113660553d7f80d9b09"
},
{
"fixed": "ada14995870abddc277addf57dd690a2af04c2da"
},
{
"fixed": "e7654b6046090914a8323931ed759a94a5f85d60"
}
],
"repo": "https://github.com/python/cpython"
}
]
}
],
"database_specific": {
"cwe_ids": []
},
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/security/cve/cve-2021-3733"
},
{
"type": "REPORT",
"url": "https://bugs.python.org/issue43075"
}
]
}