{
  "schema_version": "1.4.0",
  "id": "GHSA-wh3w-rqc7-4mpf",
  "modified": "2023-05-24T21:30:16Z",
  "published": "2022-05-24T17:07:48Z",
  "aliases": [
    "CVE-2020-8492"
  ],
  "details": "Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking.",
  "severity": [
    {
      "type": "CVSS_V3",
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
    }
  ],
  "affected": [],
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8492"
    },
    {
      "type": "WEB",
      "url": "https://github.com/python/cpython/pull/18284"
    },
    {
      "type": "WEB",
      "url": "https://bugs.python.org/issue39503"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rdb31a608dd6758c6093fd645aea3fbf022dd25b37109b6aaea5bc0b5@%3Ccommits.cassandra.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rfec113c733162b39633fd86a2d0f34bf42ac35f711b3ec1835c774da@%3Ccommits.cassandra.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00011.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7WOKDEXLYW5UQ4S7PA7E37IITOC7C56J"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5NSAX4SC3V64PGZUPH7PRDLSON34Q5A"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/APGWEMYZIY5VHLCSZ3HD67PA5Z2UQFGH"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UESGYI5XDAHJBATEZN3MHNDUBDH47AS6"
    },
    {
      "type": "WEB",
      "url": "https://python-security.readthedocs.io/vuln/urllib-basic-auth-regex.html"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202005-09"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20200221-0001"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4333-1"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4333-2"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00003.html"
    }
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400"
    ],
    "severity": "MODERATE",
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-01-30T19:15:00Z"
  }
}