FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

nothing found there

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
a27b0bb6-84fc-11ea-b5b4-641c67a117d8Python -- Regular Expression DoS attack against client

Ben Caller and Matt Schwager reports:

Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking.


Discovery 2019-11-17
Entry 2020-04-23
Modified 2020-06-13
python38
lt 3.8.3

python37
le 3.7.7

python36
lt 3.6.10

python35
le 3.5.9_4

python27
lt 2.7.18

https://python-security.readthedocs.io/vuln/urllib-basic-auth-regex.html
https://bugs.python.org/issue39503
CVE-2020-8492
ports/245819