CVE-2021-33503

Published: 29/06/2021 Updated: 07/11/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

An issue exists in urllib3 prior to 1.26.5. When provided with a URL containing many @ characters in the authority component, the authority regular expression exhibits catastrophic backtracking. The result is a denial of service (CPU exhaustion while parsing) whenever an attacker-controlled URL reaches the parser, either passed directly as a parameter or supplied through the Location header of an HTTP redirect that urllib3 follows.
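The following added example is not code from urllib3 or from this page; it reconstructs the shape of the problem (an optional greedy "(.*)@" userinfo group in front of a host alternation, all in one anchored regex) and places it beside a hardened splitter that strips userinfo with rpartition before matching host and port. The host sub-patterns, the function names and the payload are simplified assumptions made for the demonstration, not the upstream expressions.

```python
"""ReDoS in authority parsing: greedy userinfo prefix vs. rpartition split.

Added example; not urllib3 code. The vulnerable pattern mirrors the *shape*
of an authority regex with an optional greedy "(.*)@" userinfo group ahead of
a host alternation. Host sub-patterns are simplified assumptions.
"""
import re
import time
from typing import Callable, Optional, Tuple

# Simplified host alternatives (assumed for this demo). REG_NAME accepts '@',
# which lets the engine re-try every split point between userinfo and host
# once the tail of the authority fails to match.
_REG_NAME = r"(?:[^\[\]%:/?#]|%[a-fA-F0-9]{2})*"
_IPV4 = r"(?:[0-9]{1,3}\.){3}[0-9]{1,3}"
_IPV6_BRACKETED = r"\[[0-9a-fA-F:.]+\]"
_HOST_ALT = "|".join([_REG_NAME, _IPV4, _IPV6_BRACKETED])

# Vulnerable shape: userinfo, host and port matched by one anchored regex.
# On "@" * n + "[" the "(.*)@" group can stop at any of the n '@' characters,
# and for each choice REG_NAME re-tries every length of the remaining '@' run
# before the lone "[" makes "$" fail: roughly n**2 / 2 steps.
VULN_AUTHORITY_RE = re.compile(
    r"^(?:(.*)@)?(" + _HOST_ALT + r")(?::([0-9]{0,5}))?$", re.UNICODE | re.DOTALL
)

# Hardened shape: only host:port goes through a regex, and that regex has no
# ambiguous prefix to backtrack into.
HOST_PORT_RE = re.compile(
    r"^(" + _HOST_ALT + r")(?::([0-9]{0,5}))?$", re.UNICODE | re.DOTALL
)

Authority = Tuple[Optional[str], str, Optional[str]]


def split_authority_vulnerable(authority: str) -> Optional[Authority]:
    """Userinfo, host, port via the single backtracking-prone regex."""
    m = VULN_AUTHORITY_RE.match(authority)
    if m is None:
        return None
    auth, host, port = m.groups()
    return auth, host, port


def split_authority_safe(authority: str) -> Optional[Authority]:
    """Same result as the regex, but the userinfo split is a string op.

    RFC 3986 userinfo ends at the LAST '@' in the authority, so rpartition
    reproduces the greedy regex's choice in O(n) with no backtracking.
    """
    auth, sep, host_port = authority.rpartition("@")
    m = HOST_PORT_RE.match(host_port)
    if m is None:
        return None
    host, port = m.groups()
    return (auth if sep else None), host, port


def redos_payload(n: int) -> str:
    """Constructed input: many '@' then a lone '[' that no host form completes."""
    return "@" * n + "["


def time_split(fn: Callable[[str], Optional[Authority]], authority: str) -> float:
    """Seconds spent parsing one authority with the given splitter."""
    start = time.perf_counter()
    fn(authority)
    return time.perf_counter() - start


if __name__ == "__main__":
    # Doubling n roughly quadruples the vulnerable time; the safe path stays flat.
    for n in (2000, 4000, 8000):
        payload = redos_payload(n)
        print(
            f"n={n:5d}  vulnerable={time_split(split_authority_vulnerable, payload):.3f}s"
            f"  safe={time_split(split_authority_safe, payload):.6f}s"
        )
```

Both splitters agree on well-formed input, including authorities with several '@' characters, so the hardened version is a drop-in replacement for the regex-only one; the only observable difference is that a rejected input is rejected in linear time.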

Vulnerable Products

python urllib3

fedoraproject fedora 33

fedoraproject fedora 34

oracle instantis enterprisetrack 17.1

oracle instantis enterprisetrack 17.2

oracle instantis enterprisetrack 17.3

oracle enterprise manager ops center 12.4.0.0

oracle zfs storage appliance kit 8.8

Vendor Advisories

Debian Bug report logs - #989848 python-urllib3: CVE-2021-33503. Package: src:python-urllib3; Maintainer for src:python-urllib3 is Debian Python Team <team+python@tracker.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Mon, 14 Jun 2021 19:09:02 UTC; Severity: important; Tags: security, upstream ...
A flaw was found in python-urllib3. When provided with a URL containing many @ characters in the authority component, the authority's regular expression exhibits catastrophic backtracking. This flaw causes a denial of service if a URL is passed as a parameter or redirected via an HTTP redirect. The highest threat from this vulnerability is to syste ...
No description is available for this CVE ...
A security issue has been found in python-urllib3 before version 1.26.5. When provided with a URL containing many @ characters in the authority component, the authority regular expression exhibits catastrophic backtracking, causing a denial of service if a URL was passed as a parameter or redirected to via an HTTP redirect ...

Github Repositories

cve-analyser: A tool to analyse the list of detected CVEs in containers (usually produced by a static security scanner such as JFrog, Aqua, Sysdig or similar) and compare them to the Red Hat Security Data. The cve-analyser can find fixes in the rpm packages bundled in the specified container, as well as fixes in the non-rpm content (like nodejs libraries). Usage: To use this tool just