FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-27 18:04:16 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
a27b0bb6-84fc-11ea-b5b4-641c67a117d8Python -- Regular Expression DoS attack against client

Ben Caller and Matt Schwager reports:

Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking.


Discovery 2019-11-17
Entry 2020-04-23
Modified 2020-06-13
python38
< 3.8.3

python37
le 3.7.7

python36
< 3.6.10

python35
le 3.5.9_4

python27
< 2.7.18

https://python-security.readthedocs.io/vuln/urllib-basic-auth-regex.html
https://bugs.python.org/issue39503
CVE-2020-8492
ports/245819