projects / platform / upstream / python.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 4fb3902) | patch
[CVE-2020-8492] Fix AbstractBasicAuthHandler 86/256686/1 accepted/tizen/6.0/base/tool/20210420.072003 submit/tizen_6.0_base/20210409.074611
authorJinWang An <jinwang.an@samsung.com>
Fri, 9 Apr 2021 07:37:41 +0000 (16:37 +0900)
committerJinWang An <jinwang.an@samsung.com>
Fri, 9 Apr 2021 07:39:32 +0000 (16:39 +0900)
commit71a3e5821d23fba27b38508d395329663ef7f1bf
treeee377ee7020ab64935bae891f313847ab0c655f7tree | snapshot
parent4fb390256dd760062ac76830d26b0703a145890bcommit | diff
[CVE-2020-8492] Fix AbstractBasicAuthHandler

Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10,
3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server
to conduct Regular Expression Denial of Service (ReDoS) attacks
against a client because of urllib.request.AbstractBasicAuthHandler
catastrophic backtracking.

Change-Id: I44694a5b63583e554fcb6c6ec0b78c1c640d8f85
Signed-off-by: JinWang An <jinwang.an@samsung.com>
Lib/test/test_urllib2.py diff | blob | history
Lib/urllib2.py diff | blob | history
Domain: System / Base;