Fixed
Created: Feb 1, 2020
Updated: Apr 21, 2022
Resolved Date: Jun 10, 2020
Found In Version: 10.19.45.1
Fix Version: 10.19.45.8
Severity: Standard
Applicable for: Wind River Linux LTS 19
Component/s: Userspace
Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking.
CREATE(Triage):(User=admin) CVE-2020-8492 (https://nvd.nist.gov/vuln/detail/CVE-2020-8492)