### ImpactWhen provided with a URL containing many `@` characters in the authority component the authority regular expression exhibits catastrophic backtracking causing a denial of service if a URL were passed as a parameter or redirected to via an HTTP redirect.### PatchesThe issue has been fixed in urllib3 v1.26.5.### References- [CVE-2021-33503](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33503)- [JVNVU#92413403 (English)](https://jvn.jp/en/vu/JVNVU92413403/)- [JVNVU#92413403 (Japanese)](https://jvn.jp/vu/JVNVU92413403/)- [urllib3 v1.26.5](https://github.com/urllib3/urllib3/releases/tag/1.26.5)### For more informationIf you have any questions or comments about this advisory:* Ask in our [community Discord](https://discord.gg/urllib3)* Email [sethmichaellarson@gmail.com](mailto:sethmichaellarson@gmail.com)