-
Notifications
You must be signed in to change notification settings - Fork 53
/
PYSEC-2021-108.yaml
98 lines (98 loc) · 1.65 KB
/
PYSEC-2021-108.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
id: PYSEC-2021-108
details: An issue was discovered in urllib3 before 1.26.5. When provided with a URL
containing many @ characters in the authority component, the authority regular expression
exhibits catastrophic backtracking, causing a denial of service if a URL were passed
as a parameter or redirected to via an HTTP redirect.
affected:
- package:
name: urllib3
ecosystem: PyPI
purl: pkg:pypi/urllib3
ranges:
- type: GIT
repo: https://github.com/urllib3/urllib3
events:
- introduced: "0"
- fixed: 2d4a3fee6de2fa45eb82169361918f759269b4ec
- type: ECOSYSTEM
events:
- introduced: "0"
- fixed: 1.26.5
versions:
- "0.2"
- "0.3"
- 0.3.1
- 0.4.0
- 0.4.1
- "1.0"
- 1.0.1
- 1.0.2
- "1.1"
- "1.10"
- 1.10.1
- 1.10.2
- 1.10.3
- 1.10.4
- "1.11"
- "1.12"
- "1.13"
- 1.13.1
- "1.14"
- "1.15"
- 1.15.1
- "1.16"
- "1.17"
- "1.18"
- 1.18.1
- "1.19"
- 1.19.1
- "1.2"
- 1.2.1
- 1.2.2
- "1.20"
- "1.21"
- 1.21.1
- "1.22"
- "1.23"
- "1.24"
- 1.24.1
- 1.24.2
- 1.24.3
- "1.25"
- 1.25.1
- 1.25.10
- 1.25.11
- 1.25.2
- 1.25.3
- 1.25.4
- 1.25.5
- 1.25.6
- 1.25.7
- 1.25.8
- 1.25.9
- 1.26.0
- 1.26.1
- 1.26.2
- 1.26.3
- 1.26.4
- "1.3"
- "1.4"
- "1.5"
- "1.6"
- "1.7"
- 1.7.1
- "1.8"
- 1.8.2
- 1.8.3
- "1.9"
- 1.9.1
references:
- type: ADVISORY
url: https://github.com/advisories/GHSA-q2q7-5pp4-w6pg
- type: FIX
url: https://github.com/urllib3/urllib3/commit/2d4a3fee6de2fa45eb82169361918f759269b4ec
aliases:
- CVE-2021-33503
- GHSA-q2q7-5pp4-w6pg
modified: "2021-07-02T18:56:20.858344Z"
published: "2021-06-29T11:15:00Z"