mirror of https://github.com/python/cpython
0b297d4ff1
The AbstractBasicAuthHandler class of the urllib.request module uses an inefficient regular expression which can be exploited by an attacker to cause a denial of service. Fix the regex to prevent the catastrophic backtracking. Vulnerability reported by Ben Caller and Matt Schwager. AbstractBasicAuthHandler of urllib.request now parses all WWW-Authenticate HTTP headers and accepts multiple challenges per header: use the realm of the first Basic challenge. Co-Authored-By: Serhiy Storchaka <storchaka@gmail.com> |
||
|---|---|---|
| .. | ||
| __init__.py | ||
| error.py | ||
| parse.py | ||
| request.py | ||
| response.py | ||
| robotparser.py | ||