medium severity
Do your applications use this vulnerable package?
Test your applications
Overview
Affected versions of this package are vulnerable to ALAS2-2020-1471. Package updates are available for Amazon Linux 2 that fix the following vulnerabilities: CVE-2020-8492: 1809065: CVE-2020-8492 python: wrong backtracking in urllib.request.AbstractBasicAuthHandler allows for a ReDoS Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking.
Remediation
Upgrade python to version or higher.
References
- CVE
- ALAS2-2020-1471
- Snyk ID
- SNYK-AMZN2-PYTHON-597411
- Published
- 05 Aug, 2020