{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2020-8492","assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","dateUpdated":"2024-08-04T10:03:45.890Z","dateReserved":"2020-01-30T00:00:00.000Z","datePublished":"2020-01-30T00:00:00.000Z"},"containers":{"cna":{"providerMetadata":{"orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre","dateUpdated":"2023-05-24T00:00:00.000Z"},"descriptions":[{"lang":"en","value":"Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking."}],"affected":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}],"references":[{"url":"https://bugs.python.org/issue39503"},{"url":"https://python-security.readthedocs.io/vuln/urllib-basic-auth-regex.html"},{"url":"https://github.com/python/cpython/pull/18284"},{"url":"https://security.netapp.com/advisory/ntap-20200221-0001/"},{"name":"openSUSE-SU-2020:0274","tags":["vendor-advisory"],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00003.html"},{"name":"USN-4333-1","tags":["vendor-advisory"],"url":"https://usn.ubuntu.com/4333-1/"},{"name":"USN-4333-2","tags":["vendor-advisory"],"url":"https://usn.ubuntu.com/4333-2/"},{"name":"GLSA-202005-09","tags":["vendor-advisory"],"url":"https://security.gentoo.org/glsa/202005-09"},{"name":"FEDORA-2020-98e0f0f11b","tags":["vendor-advisory"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APGWEMYZIY5VHLCSZ3HD67PA5Z2UQFGH/"},{"name":"FEDORA-2020-6a88dad4a0","tags":["vendor-advisory"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WOKDEXLYW5UQ4S7PA7E37IITOC7C56J/"},{"name":"FEDORA-2020-8bdd3fd7a4","tags":["vendor-advisory"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UESGYI5XDAHJBATEZN3MHNDUBDH47AS6/"},{"name":"FEDORA-2020-ea5bdbcc90","tags":["vendor-advisory"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A5NSAX4SC3V64PGZUPH7PRDLSON34Q5A/"},{"name":"[debian-lts-announce] 20200715 [SECURITY] [DLA 2280-1] python3.5 security update","tags":["mailing-list"],"url":"https://lists.debian.org/debian-lts-announce/2020/07/msg00011.html"},{"name":"[cassandra-commits] 20210816 [jira] [Created] (CASSANDRA-16857) Security vulnerability CVE-2020-8492","tags":["mailing-list"],"url":"https://lists.apache.org/thread.html/rdb31a608dd6758c6093fd645aea3fbf022dd25b37109b6aaea5bc0b5%40%3Ccommits.cassandra.apache.org%3E"},{"name":"[cassandra-commits] 20210816 [jira] [Updated] (CASSANDRA-16857) Security vulnerability CVE-2020-8492","tags":["mailing-list"],"url":"https://lists.apache.org/thread.html/rfec113c733162b39633fd86a2d0f34bf42ac35f711b3ec1835c774da%40%3Ccommits.cassandra.apache.org%3E"},{"name":"[debian-lts-announce] 20230524 [SECURITY] [DLA 3432-1] python2.7 security update","tags":["mailing-list"],"url":"https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html"}],"problemTypes":[{"descriptions":[{"type":"text","lang":"en","description":"n/a"}]}]},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-04T10:03:45.890Z"},"title":"CVE Program Container","references":[{"url":"https://bugs.python.org/issue39503","tags":["x_transferred"]},{"url":"https://python-security.readthedocs.io/vuln/urllib-basic-auth-regex.html","tags":["x_transferred"]},{"url":"https://github.com/python/cpython/pull/18284","tags":["x_transferred"]},{"url":"https://security.netapp.com/advisory/ntap-20200221-0001/","tags":["x_transferred"]},{"name":"openSUSE-SU-2020:0274","tags":["vendor-advisory","x_transferred"],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00003.html"},{"name":"USN-4333-1","tags":["vendor-advisory","x_transferred"],"url":"https://usn.ubuntu.com/4333-1/"},{"name":"USN-4333-2","tags":["vendor-advisory","x_transferred"],"url":"https://usn.ubuntu.com/4333-2/"},{"name":"GLSA-202005-09","tags":["vendor-advisory","x_transferred"],"url":"https://security.gentoo.org/glsa/202005-09"},{"name":"FEDORA-2020-98e0f0f11b","tags":["vendor-advisory","x_transferred"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APGWEMYZIY5VHLCSZ3HD67PA5Z2UQFGH/"},{"name":"FEDORA-2020-6a88dad4a0","tags":["vendor-advisory","x_transferred"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WOKDEXLYW5UQ4S7PA7E37IITOC7C56J/"},{"name":"FEDORA-2020-8bdd3fd7a4","tags":["vendor-advisory","x_transferred"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UESGYI5XDAHJBATEZN3MHNDUBDH47AS6/"},{"name":"FEDORA-2020-ea5bdbcc90","tags":["vendor-advisory","x_transferred"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A5NSAX4SC3V64PGZUPH7PRDLSON34Q5A/"},{"name":"[debian-lts-announce] 20200715 [SECURITY] [DLA 2280-1] python3.5 security update","tags":["mailing-list","x_transferred"],"url":"https://lists.debian.org/debian-lts-announce/2020/07/msg00011.html"},{"name":"[cassandra-commits] 20210816 [jira] [Created] (CASSANDRA-16857) Security vulnerability CVE-2020-8492","tags":["mailing-list","x_transferred"],"url":"https://lists.apache.org/thread.html/rdb31a608dd6758c6093fd645aea3fbf022dd25b37109b6aaea5bc0b5%40%3Ccommits.cassandra.apache.org%3E"},{"name":"[cassandra-commits] 20210816 [jira] [Updated] (CASSANDRA-16857) Security vulnerability CVE-2020-8492","tags":["mailing-list","x_transferred"],"url":"https://lists.apache.org/thread.html/rfec113c733162b39633fd86a2d0f34bf42ac35f711b3ec1835c774da%40%3Ccommits.cassandra.apache.org%3E"},{"name":"[debian-lts-announce] 20230524 [SECURITY] [DLA 3432-1] python2.7 security update","tags":["mailing-list","x_transferred"],"url":"https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html"}]}]}}