Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / python / cpython3 / 7215d1ae25525c92b026166f9d5cac85fb1defe1
commit7215d1ae25525c92b026166f9d5cac85fb1defe1[log] [tgz]
authorYeting Li <liyt@ios.ac.cn>Wed Apr 07 19:27:41 2021 +0800
committerGitHub <noreply@github.com>Wed Apr 07 13:27:41 2021 +0200
treec18d81a4f47c91c52e5cc567765576608cad9d62
parentd36d6a9c1808e87628ebaa855d4bec80130189f4 [diff]
bpo-43075: Fix ReDoS in urllib AbstractBasicAuthHandler (GH-24391)

Fix Regular Expression Denial of Service (ReDoS) vulnerability in
urllib.request.AbstractBasicAuthHandler. The ReDoS-vulnerable regex
has quadratic worst-case complexity and it allows cause a denial of
service when identifying crafted invalid RFCs. This ReDoS issue is on
the client side and needs remote attackers to control the HTTP server.
2 files changed
tree: c18d81a4f47c91c52e5cc567765576608cad9d62
  1. .azure-pipelines/
  2. .github/
  3. Doc/
  4. Grammar/
  5. Include/
  6. Lib/
  7. Mac/
  8. Misc/
  9. Modules/
  10. Objects/
  11. Parser/
  12. PC/
  13. PCbuild/
  14. Programs/
  15. Python/
  16. Tools/
  17. .gitattributes
  18. .gitignore
  19. .travis.yml
  20. aclocal.m4
  21. CODE_OF_CONDUCT.md
  22. config.guess
  23. config.sub
  24. configure
  25. configure.ac
  26. install-sh
  27. LICENSE
  28. Makefile.pre.in
  29. netlify.toml
  30. pyconfig.h.in
  31. README.rst
  32. setup.py