It was discovered that the urllib.request.AbstractBasicAuthHandler class in Python contains regex with a quadratic worst-case time complexity. Specially crafted traffic from a malicious HTTP server could cause a regular expression denial of service (ReDoS) condition for a client. (CVE-2021-3733)
It was discovered that the Python urllib http client could enter into an infinite loop when incorrectly handling certain server responses (100 Continue response). Specially crafted traffic from a malicious HTTP server could cause a denial of service (DoS) condition for a client. (CVE-2021-3737)
{ "availability": "No subscription required", "binaries": [ { "binary_name": "idle-python3.6", "binary_version": "3.6.9-1~18.04ubuntu1.6" }, { "binary_name": "libpython3.6", "binary_version": "3.6.9-1~18.04ubuntu1.6" }, { "binary_name": "libpython3.6-dbg", "binary_version": "3.6.9-1~18.04ubuntu1.6" }, { "binary_name": "libpython3.6-dev", "binary_version": "3.6.9-1~18.04ubuntu1.6" }, { "binary_name": "libpython3.6-minimal", "binary_version": "3.6.9-1~18.04ubuntu1.6" }, { "binary_name": "libpython3.6-stdlib", "binary_version": "3.6.9-1~18.04ubuntu1.6" }, { "binary_name": "libpython3.6-testsuite", "binary_version": "3.6.9-1~18.04ubuntu1.6" }, { "binary_name": "python3.6", "binary_version": "3.6.9-1~18.04ubuntu1.6" }, { "binary_name": "python3.6-dbg", "binary_version": "3.6.9-1~18.04ubuntu1.6" }, { "binary_name": "python3.6-dev", "binary_version": "3.6.9-1~18.04ubuntu1.6" }, { "binary_name": "python3.6-doc", "binary_version": "3.6.9-1~18.04ubuntu1.6" }, { "binary_name": "python3.6-examples", "binary_version": "3.6.9-1~18.04ubuntu1.6" }, { "binary_name": "python3.6-minimal", "binary_version": "3.6.9-1~18.04ubuntu1.6" }, { "binary_name": "python3.6-venv", "binary_version": "3.6.9-1~18.04ubuntu1.6" } ] }