It was discovered that the urllib.request.AbstractBasicAuthHandler class in Python contains regex with a quadratic worst-case time complexity. Specially crafted traffic from a malicious HTTP server could cause a regular expression denial of service (ReDoS) condition for a client. (CVE-2021-3733)
It was discovered that the Python urllib http client could enter into an infinite loop when incorrectly handling certain server responses (100 Continue response). Specially crafted traffic from a malicious HTTP server could cause a denial of service (DoS) condition for a client. (CVE-2021-3737)
{ "availability": "No subscription required", "binaries": [ { "binary_version": "3.6.9-1~18.04ubuntu1.6", "binary_name": "idle-python3.6" }, { "binary_version": "3.6.9-1~18.04ubuntu1.6", "binary_name": "libpython3.6" }, { "binary_version": "3.6.9-1~18.04ubuntu1.6", "binary_name": "libpython3.6-dbg" }, { "binary_version": "3.6.9-1~18.04ubuntu1.6", "binary_name": "libpython3.6-dev" }, { "binary_version": "3.6.9-1~18.04ubuntu1.6", "binary_name": "libpython3.6-minimal" }, { "binary_version": "3.6.9-1~18.04ubuntu1.6", "binary_name": "libpython3.6-stdlib" }, { "binary_version": "3.6.9-1~18.04ubuntu1.6", "binary_name": "libpython3.6-testsuite" }, { "binary_version": "3.6.9-1~18.04ubuntu1.6", "binary_name": "python3.6" }, { "binary_version": "3.6.9-1~18.04ubuntu1.6", "binary_name": "python3.6-dbg" }, { "binary_version": "3.6.9-1~18.04ubuntu1.6", "binary_name": "python3.6-dev" }, { "binary_version": "3.6.9-1~18.04ubuntu1.6", "binary_name": "python3.6-doc" }, { "binary_version": "3.6.9-1~18.04ubuntu1.6", "binary_name": "python3.6-examples" }, { "binary_version": "3.6.9-1~18.04ubuntu1.6", "binary_name": "python3.6-minimal" }, { "binary_version": "3.6.9-1~18.04ubuntu1.6", "binary_name": "python3.6-venv" } ] }