ALAS2-2020-1471

Affecting python package, versions <2.7.18-1.amzn2.0.1

Report new vulnerabilities
medium severity
Do your applications use this vulnerable package? Test your applications

Overview

Affected versions of this package are vulnerable to ALAS2-2020-1471. Package updates are available for Amazon Linux 2 that fix the following vulnerabilities: CVE-2020-8492: 1809065: CVE-2020-8492 python: wrong backtracking in urllib.request.AbstractBasicAuthHandler allows for a ReDoS Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking.

Remediation

Upgrade python to version or higher.

References

CVE
ALAS2-2020-1471
Snyk ID
SNYK-AMZN2-PYTHON-597411
Published
05 Aug, 2020