projects / python3.9.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 80a287d) | patch
bpo-43075: Fix ReDoS in urllib AbstractBasicAuthHandler (GH-24391) (GH-25247)
authorMiss Islington (bot) <31488909+miss-islington@users.noreply.github.com>
Wed, 7 Apr 2021 15:58:04 +0000 (08:58 -0700)
committerArnaud Rebillout <arnaudr@debian.org>
Tue, 14 Apr 2026 04:38:32 +0000 (11:38 +0700)
commit466ab006dc3b3d07fdc567cf886547832026d702
treea8949e7028e321a31170d7e094a0d7f687ec4af5tree | snapshot
parent80a287d045b180889597a15d75070221be66aecccommit | diff
bpo-43075: Fix ReDoS in urllib AbstractBasicAuthHandler (GH-24391) (GH-25247)

Fix Regular Expression Denial of Service (ReDoS) vulnerability in
urllib.request.AbstractBasicAuthHandler. The ReDoS-vulnerable regex
has quadratic worst-case complexity and it allows cause a denial of
service when identifying crafted invalid RFCs. This ReDoS issue is on
the client side and needs remote attackers to control the HTTP server.
(cherry picked from commit 7215d1ae25525c92b026166f9d5cac85fb1defe1)

Co-authored-by: Yeting Li <liyt@ios.ac.cn>
Co-authored-by: Yeting Li <liyt@ios.ac.cn>
Gbp-Pq: Name 0004-bpo-43075-Fix-ReDoS-in-urllib-AbstractBasicAuthHandl.patch
Lib/urllib/request.py diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.