PYSEC-2021-108
- Import Source
- https://github.com/pypa/advisory-database/blob/main/vulns/urllib3/PYSEC-2021-108.yaml
- Aliases
- Published
- 2021-06-29T11:15:00Z
- Modified
- 2023-11-08T04:06:04.829992Z
- Summary
- [none]
- Details
-
An issue was discovered in urllib3 before 1.26.5. When provided with a URL containing many @ characters in the authority component, the authority regular expression exhibits catastrophic backtracking, causing a denial of service if a URL were passed as a parameter or redirected to via an HTTP redirect.
- References
Affected packages
PyPI / urllib3
Package
- Name
- urllib3
Affected ranges
- Type
- GIT
- Repo
- https://github.com/urllib3/urllib3
- Events
- Type
- ECOSYSTEM
- Events
-
Introduced0The exact introduced commit is unknownFixed1.26.5
Affected versions
0.*
0.2
0.3
0.3.1
0.4.0
0.4.1
1.*
1.0
1.0.1
1.0.2
1.1
1.2
1.2.1
1.2.2
1.3
1.4
1.5
1.6
1.7
1.7.1
1.8
1.8.2
1.8.3
1.9
1.9.1
1.10
1.10.1
1.10.2
1.10.3
1.10.4
1.11
1.12
1.13
1.13.1
1.14
1.15
1.15.1
1.16
1.17
1.18
1.18.1
1.19
1.19.1
1.20
1.21
1.21.1
1.22
1.23
1.24
1.24.1
1.24.2
1.24.3
1.25
1.25.1
1.25.2
1.25.3
1.25.4
1.25.5
1.25.6
1.25.7
1.25.8
1.25.9
1.25.10
1.25.11
1.26.0
1.26.1
1.26.2
1.26.3
1.26.4