JVNDB-2021-001756

urllib3 vulnerable to Regular expression Denial-of-Service (ReDoS)

urllib3 contains a Regular expression Denial-of-Service (ReDoS) vulnerability.
urllib3, an HTTP client module for Python, contains a Regular expression Denial-of-Service (ReDoS) vulnerability (CWE-400, CVE-2021-33503) due to catastrophic backtracking while processing a malicious URL.
Nariyoshi Chida of NTT Secure Platform Laboratories reported this vulnerability to the urllib3 community and coordinated with them. JPCERT/CC published this advisory to notify users of this vulnerability.

CVSS V3 Severity: Base Metrics 5.3 (Medium) [IPA Score]
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: Low
CVSS V2 Severity: Base Metrics 5.0 (Medium) [NVD Score]
- Access Vector: Network
- Access Complexity: Low
- Authentication: None
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: Partial

Python Software Foundation
- urllib3 versions prior to v1.26.5

A remote attacker may be able to cause a denial-of-service (DoS).

[Update the Software]
Apply the appropriate update according to the information provided by the developer.
The developer has released the fixed version, v1.26.5.
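
An added example (not part of the advisory or of urllib3's own code): a script that audits a pip requirements file for urllib3 pins older than the fixed v1.26.5. The names classify and audit and the sample file are constructed for illustration; anything other than an exact numeric pin is reported as "review", since the file alone does not settle which version gets installed.

```python
import re

FIXED = (1, 26, 5)  # fixed release named in the advisory

# Requirement line for the urllib3 distribution itself (not a similarly named package).
NAME_RE = re.compile(r"^\s*urllib3(?![\w.-])\s*(?:\[[^\]]*\])?\s*(.*)$", re.IGNORECASE)
# Exact pin made only of dotted integers, e.g. "==1.26.4".
EXACT_RE = re.compile(r"^==\s*(\d+(?:\.\d+)*)$")


def classify(line):
    """Return None (not urllib3), 'affected', 'fixed' or 'review' for one line."""
    line = line.split("#", 1)[0]                 # drop comments
    m = NAME_RE.match(line)
    if not m:
        return None
    spec = m.group(1).split(";", 1)[0].strip()   # drop environment markers
    pin = EXACT_RE.match(spec)
    if not pin:
        return "review"  # range, unpinned or pre-release: needs a manual check
    parts = [int(p) for p in pin.group(1).split(".")]
    parts += [0] * (3 - len(parts))              # "1.26" compares as 1.26.0
    return "affected" if tuple(parts) < FIXED else "fixed"


def audit(text):
    """Return (line_number, requirement, status) for each urllib3 line in text."""
    findings = []
    for no, raw in enumerate(text.splitlines(), start=1):
        status = classify(raw)
        if status:
            findings.append((no, raw.strip(), status))
    return findings


# Constructed sample requirements file, for illustration only.
SAMPLE = """\
requests==2.25.1
urllib3==1.26.4
urllib3[socks]==1.26.5 ; python_version >= "3.6"
urllib3>=1.25  # range
urllib3-example-plugin==0.3.3
URLLIB3 == 1.25.11
"""

if __name__ == "__main__":
    for no, req, status in audit(SAMPLE):
        print(f"line {no}: {status:8} {req}")
```
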
Python Software Foundation

- Uncontrolled Resource Consumption ('Resource Exhaustion') (CWE-400) [IPA Evaluation]

- CVE-2021-33503

- JVN : JVNVU#92413403
- National Vulnerability Database (NVD) : CVE-2021-33503

- [2021/06/08] Web page was published