---

CVE-2020-8492 - log back

CVE-2020-8492 edited at 21 Feb 2021 11:03:33
Severity	- Unknown + Low
Remote	- Unknown + Remote
Type	- Unknown + Denial of service
Description	+ Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking.
References	+ https://bugs.python.org/issue39503 + https://github.com/python/cpython/pull/18284 + https://github.com/python/cpython/commit/0b297d4ff1c0e4480ad33acae793fbaf4bf015b4

CVE-2020-8492 created at 21 Feb 2021 10:59:50
Severity	+ Unknown
Remote	+ Unknown
Type	+ Unknown
Description
References
Notes