CVE-2021-3733 – python: urllib: Regular expression DoS in AbstractBasicAuthHandler
https://notcve.org/view.php?id=CVE-2021-3733
There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as web browser) connects to, could trigger a Regular Expression Denial of Service (ReDOS) during an authentication request with a specially crafted payload that is sent by the server to the client. The greatest threat that this flaw poses is to application availability. Se presenta un fallo en la clase AbstractBasicAuthHandler de urllib. Un atacante que controle un servidor HTTP malicioso al que se conecte un cliente HTTP (como un navegador web), podría desencadenar una Denegación de Servicio por Expresión Regular (ReDOS) durante una petición de autenticación con una carga útil especialmente diseñada que sea enviada por el servidor al cliente. • https://bugs.python.org/issue43075 https://bugzilla.redhat.com/show_bug.cgi?id=1995234 https://github.com/python/cpython/commit/7215d1ae25525c92b026166f9d5cac85fb https://github.com/python/cpython/pull/24391 https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html https://security.netapp.com/advisory/ntap-20220407-0001 https://ubuntu.com/security/CVE-2021-3733 https://access.redhat.com/security/cve/CVE-2021-3733 • CWE-400: Uncontrolled Resource Consumption •
CVE-2021-3737 – python: urllib: HTTP client possible infinite loop on a 100 Continue response
https://notcve.org/view.php?id=CVE-2021-3737
A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to system availability. Se ha encontrado un fallo en python. Una respuesta HTTP manejada inapropiadamente en el código del cliente HTTP de python puede permitir a un atacante remoto, que controle el servidor HTTP, hacer que el script del cliente entre en un bucle infinito, consumiendo tiempo de CPU. • https://bugs.python.org/issue44022 https://bugzilla.redhat.com/show_bug.cgi?id=1995162 https://github.com/python/cpython/pull/25916 https://github.com/python/cpython/pull/26503 https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html https://python-security.readthedocs.io/vuln/urllib-100-continue-loop.html https://security.netapp.com/advisory/ntap-20220407-0009 https://ubuntu.com/security/CVE-2021-3737 • CWE-400: Uncontrolled Resource Consumption CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVE-2021-3426 – python: Information disclosure via pydoc
https://notcve.org/view.php?id=CVE-2021-3426
There's a flaw in Python 3's pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent user to start a pydoc server could access the server and use it to disclose sensitive information belonging to the other user that they would not normally be able to access. The highest risk of this flaw is to data confidentiality. This flaw affects Python versions before 3.8.9, Python versions before 3.9.3 and Python versions before 3.10.0a7. Se presenta un fallo en pydoc de Python versión 3. • https://bugzilla.redhat.com/show_bug.cgi?id=1935913 https://lists.debian.org/debian-lts-announce/2021/04/msg00005.html https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/25HVHLBGO2KNPXJ3G426QEYSSCECJDU5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BF2K7HEWADHN6P52R3QLIOX27U3DJ4HI https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2021-28667
https://notcve.org/view.php?id=CVE-2021-28667
StackStorm before 3.4.1, in some situations, has an infinite loop that consumes all available memory and disk space. This can occur if Python 3.x is used, the locale is not utf-8, and there is an attempt to log Unicode data (from an action or rule name). StackStorm versiones anteriores a 3.4.1, en algunas situaciones, presenta un bucle infinito que consume toda la memoria disponible y el espacio en disco. Esto puede ocurrir si se usa Python versión 3.x, la configuración regional no es utf-8 y se intenta registrar datos Unicode (a partir de un nombre de acción o regla) • https://stackstorm.com/2021/03/10/stackstorm-v3-4-1-security-fix • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVE-2021-23336 – Web Cache Poisoning
https://notcve.org/view.php?id=CVE-2021-23336
The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter. El paquete python/cpython desde versiones 0 y anteriores a 3.6.13, desde versiones 3.7.0 y anteriores a 3.7.10, desde versiones 3.8.0 y anteriores a 3.8.8, desde versiones 3.9.0 y anteriores a 3.9.2, son vulnerables al envenenamiento de caché web por medio de urllib.parse.parse_qsl y urllib.parse.parse_qs usando un vector llamado encubrimiento de parámetros. Cuando el atacante puede separar los parámetros de la consulta usando un punto y coma (;), pueden causar una diferencia en la interpretación de la petición entre el proxy (que se ejecuta con la configuración predeterminada) y el servidor. • http://www.openwall.com/lists/oss-security/2021/02/19/4 http://www.openwall.com/lists/oss-security/2021/05/01/2 https://github.com/python/cpython/pull/24297 https://lists.apache.org/thread.html/ra8ce70088ba291f358e077cafdb14d174b7a1ce9a9d86d1b332d6367%40%3Cusers.airflow.apache.org%3E https://lists.apache.org/thread.html/rc005f4de9d9b0ba943ceb8ff5a21a5c6ff8a9df52632476698d99432%40%3Cannounce.apache.org%3E https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E https:/ • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •