Python is vulnerable to a denial of service, caused by a flaw in the urllib.request.AbstractBasicAuthHandler. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a Regular Expression Denial of Service (ReDoS). This vulnerability has been addressed by IBM Cloud App Management in a later version.
Affected product(s) and affected version(s):
| Affected Product(s) | Version(s) |
| IBM Cloud App Management V2018 | 2019.3.0 |
| IBM Cloud App Management V2018 | 2019.4.0 |
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www.ibm.com/support/pages/node/6190569
The post Security Bulletin: A vulnerability in Python affects IBM Cloud App Management (CVE-2020-8492) appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team https://ift.tt/2MtTKiB
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.