安全公告/【CVE-2021-3733】

基本信息

系统版本:服务器
危险等级:中
影响源码包:python3
CVSS_v3评分:6.5
修复版本:python3-3.7.9-16

漏洞描述

There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as web browser) connects to, could trigger a Regular Expression Denial of Service (ReDOS) during an authentication request with a specially crafted payload that is sent by the server to the client. The greatest threat that this flaw poses is to application availability.

修复方式

yum update PackageName

漏洞判定

执行命令yum info PackageName获取软件包版本号,版本小于修复版本,则受此漏洞影响,版本大于等于修复版本,则此漏洞已修复

补丁