An issue exists in urllib3 prior to 1.26.5. When provided with a URL containing many @ characters in the authority component, the authority regular expression exhibits catastrophic backtracking, causing a denial of service if a URL were passed as a parameter or redirected to via an HTTP redirect.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
python urllib3 |
||
fedoraproject fedora 33 |
||
fedoraproject fedora 34 |
||
oracle instantis enterprisetrack 17.1 |
||
oracle instantis enterprisetrack 17.2 |
||
oracle instantis enterprisetrack 17.3 |
||
oracle enterprise manager ops center 12.4.0.0 |
||
oracle zfs storage appliance kit 8.8 |