projects / python3.9.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 45b8cf2) | patch
bpo-43075: Fix ReDoS in urllib AbstractBasicAuthHandler (GH-24391) (GH-25247)
authorMiss Islington (bot) <31488909+miss-islington@users.noreply.github.com>
Wed, 7 Apr 2021 15:58:04 +0000 (08:58 -0700)
committerAndrej Shadura <andrewsh@debian.org>
Sun, 25 Jan 2026 13:37:52 +0000 (14:37 +0100)
commitc7b9834000d572e391e9c86188a096e07a0dbac9
tree897847776655b22711e40e1ed6d1e36529026a33tree | snapshot
parent45b8cf23adc2442188fc4b82568bcf607295d23bcommit | diff
bpo-43075: Fix ReDoS in urllib AbstractBasicAuthHandler (GH-24391) (GH-25247)

Fix Regular Expression Denial of Service (ReDoS) vulnerability in
urllib.request.AbstractBasicAuthHandler. The ReDoS-vulnerable regex
has quadratic worst-case complexity and it allows cause a denial of
service when identifying crafted invalid RFCs. This ReDoS issue is on
the client side and needs remote attackers to control the HTTP server.
(cherry picked from commit 7215d1ae25525c92b026166f9d5cac85fb1defe1)

Co-authored-by: Yeting Li <liyt@ios.ac.cn>
Co-authored-by: Yeting Li <liyt@ios.ac.cn>
Gbp-Pq: Name 0004-bpo-43075-Fix-ReDoS-in-urllib-AbstractBasicAuthHandl.patch
Lib/urllib/request.py diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.