CVE-2020-8492

Source
https://nvd.nist.gov/vuln/detail/CVE-2020-8492
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-8492.json
Published
2020-01-30T19:15:12Z
Modified
2023-12-06T01:00:40.960973Z
Details

Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking.

Affected packages

Alpine:v3.10 / python3

Package

Name
python3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (the exact introduced commit is unknown)
Fixed
3.7.7-r0

Affected versions

3.*

3.1.3-r0
3.2.0-r0
3.2.3-r0
3.3.0-r0
3.3.2-r0
3.3.3-r0
3.3.4-r0
3.4.1-r0
3.4.2-r0
3.4.2-r1
3.4.3-r1
3.4.3-r2
3.5.0-r0
3.5.1-r0
3.5.1-r1
3.5.1-r2
3.5.1-r3
3.5.2-r3
3.6.0-r3
3.6.1-r3
3.6.2-r3
3.6.3-r3
3.6.4-r3
3.6.6-r3
3.6.7-r3
3.6.8-r3
3.7.2-r3
3.7.3-r3
3.7.4-r3
3.7.5-r3

Alpine:v3.11 / python3

Package

Name
python3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (the exact introduced commit is unknown)
Fixed
3.8.2-r0

Affected versions

3.*

3.1.3-r0
3.2.0-r0
3.2.3-r0
3.3.0-r0
3.3.2-r0
3.3.3-r0
3.3.4-r0
3.4.1-r0
3.4.2-r0
3.4.2-r1
3.4.3-r1
3.4.3-r2
3.5.0-r0
3.5.1-r0
3.5.1-r1
3.5.1-r2
3.5.1-r3
3.5.2-r3
3.6.0-r3
3.6.1-r3
3.6.2-r3
3.6.3-r3
3.6.4-r3
3.6.6-r3
3.6.7-r3
3.6.8-r3
3.7.2-r3
3.7.3-r3
3.7.4-r3
3.7.5-r3
3.8.0-r3
3.8.1-r3

Alpine:v3.12 / python3

Package

Name
python3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (the exact introduced commit is unknown)
Fixed
3.8.2-r0

Affected versions

3.*

3.1.3-r0
3.2.0-r0
3.2.3-r0
3.3.0-r0
3.3.2-r0
3.3.3-r0
3.3.4-r0
3.4.1-r0
3.4.2-r0
3.4.2-r1
3.4.3-r1
3.4.3-r2
3.5.0-r0
3.5.1-r0
3.5.1-r1
3.5.1-r2
3.5.1-r3
3.5.2-r3
3.6.0-r3
3.6.1-r3
3.6.2-r3
3.6.3-r3
3.6.4-r3
3.6.6-r3
3.6.7-r3
3.6.8-r3
3.7.2-r3
3.7.3-r3
3.7.4-r3
3.7.5-r3
3.8.0-r3
3.8.1-r3

Alpine:v3.13 / python3

Package

Name
python3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (the exact introduced commit is unknown)
Fixed
3.8.2-r0

Affected versions

3.*

3.1.3-r0
3.2.0-r0
3.2.3-r0
3.3.0-r0
3.3.2-r0
3.3.3-r0
3.3.4-r0
3.4.1-r0
3.4.2-r0
3.4.2-r1
3.4.3-r1
3.4.3-r2
3.5.0-r0
3.5.1-r0
3.5.1-r1
3.5.1-r2
3.5.1-r3
3.5.2-r3
3.6.0-r3
3.6.1-r3
3.6.2-r3
3.6.3-r3
3.6.4-r3
3.6.6-r3
3.6.7-r3
3.6.8-r3
3.7.2-r3
3.7.3-r3
3.7.4-r3
3.7.5-r3
3.8.0-r3
3.8.1-r3

Alpine:v3.14 / python3

Package

Name
python3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (the exact introduced commit is unknown)
Fixed
3.8.2-r0

Affected versions

3.*

3.1.3-r0
3.2.0-r0
3.2.3-r0
3.3.0-r0
3.3.2-r0
3.3.3-r0
3.3.4-r0
3.4.1-r0
3.4.2-r0
3.4.2-r1
3.4.3-r1
3.4.3-r2
3.5.0-r0
3.5.1-r0
3.5.1-r1
3.5.1-r2
3.5.1-r3
3.5.2-r3
3.6.0-r3
3.6.1-r3
3.6.2-r3
3.6.3-r3
3.6.4-r3
3.6.6-r3
3.6.7-r3
3.6.8-r3
3.7.2-r3
3.7.3-r3
3.7.4-r3
3.7.5-r3
3.8.0-r3
3.8.1-r3

Alpine:v3.15 / python3

Package

Name
python3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (the exact introduced commit is unknown)
Fixed
3.8.2-r0

Affected versions

3.*

3.1.3-r0
3.2.0-r0
3.2.3-r0
3.3.0-r0
3.3.2-r0
3.3.3-r0
3.3.4-r0
3.4.1-r0
3.4.2-r0
3.4.2-r1
3.4.3-r1
3.4.3-r2
3.5.0-r0
3.5.1-r0
3.5.1-r1
3.5.1-r2
3.5.1-r3
3.5.2-r3
3.6.0-r3
3.6.1-r3
3.6.2-r3
3.6.3-r3
3.6.4-r3
3.6.6-r3
3.6.7-r3
3.6.8-r3
3.7.2-r3
3.7.3-r3
3.7.4-r3
3.7.5-r3
3.8.0-r3
3.8.1-r3

Alpine:v3.16 / python3

Package

Name
python3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (the exact introduced commit is unknown)
Fixed
3.8.2-r0

Affected versions

3.*

3.1.3-r0
3.2.0-r0
3.2.3-r0
3.3.0-r0
3.3.2-r0
3.3.3-r0
3.3.4-r0
3.4.1-r0
3.4.2-r0
3.4.2-r1
3.4.3-r1
3.4.3-r2
3.5.0-r0
3.5.1-r0
3.5.1-r1
3.5.1-r2
3.5.1-r3
3.5.2-r3
3.6.0-r3
3.6.1-r3
3.6.2-r3
3.6.3-r3
3.6.4-r3
3.6.6-r3
3.6.7-r3
3.6.8-r3
3.7.2-r3
3.7.3-r3
3.7.4-r3
3.7.5-r3
3.8.0-r3
3.8.1-r3

Alpine:v3.17 / python3

Package

Name
python3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (the exact introduced commit is unknown)
Fixed
3.8.2-r0

Affected versions

3.*

3.1.3-r0
3.2.0-r0
3.2.3-r0
3.3.0-r0
3.3.2-r0
3.3.3-r0
3.3.4-r0
3.4.1-r0
3.4.2-r0
3.4.2-r1
3.4.3-r1
3.4.3-r2
3.5.0-r0
3.5.1-r0
3.5.1-r1
3.5.1-r2
3.5.1-r3
3.5.2-r3
3.6.0-r3
3.6.1-r3
3.6.2-r3
3.6.3-r3
3.6.4-r3
3.6.6-r3
3.6.7-r3
3.6.8-r3
3.7.2-r3
3.7.3-r3
3.7.4-r3
3.7.5-r3
3.8.0-r3
3.8.1-r3

Alpine:v3.18 / python3

Package

Name
python3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (the exact introduced commit is unknown)
Fixed
3.8.2-r0

Affected versions

3.*

3.1.3-r0
3.2.0-r0
3.2.3-r0
3.3.0-r0
3.3.2-r0
3.3.3-r0
3.3.4-r0
3.4.1-r0
3.4.2-r0
3.4.2-r1
3.4.3-r1
3.4.3-r2
3.5.0-r0
3.5.1-r0
3.5.1-r1
3.5.1-r2
3.5.1-r3
3.5.2-r3
3.6.0-r3
3.6.1-r3
3.6.2-r3
3.6.3-r3
3.6.4-r3
3.6.6-r3
3.6.7-r3
3.6.8-r3
3.7.2-r3
3.7.3-r3
3.7.4-r3
3.7.5-r3
3.8.0-r3
3.8.1-r3

Git / github.com/python/cpython

Affected versions

v3.*

v3.8.0
v3.8.1
v3.8.1rc1