All vulnerabilities
CVE-2021-33503
Catastrophic backtracking in URL authority parser when passed URL containing many @ characters
Description
An issue was discovered in urllib3 before 1.26.5. When provided with a URL containing many @ characters in the authority component, the authority regular expression exhibits catastrophic backtracking, causing a denial of service if a URL were passed as a parameter or redirected to via an HTTP redirect.
Patch Available
Fix available through Seal Security.
No upgrade required, protect your application instantly.
Fix without upgrading
Score
Severity
Ecosystem
Python
Publish Date
June 29, 2021
Modified Date
November 7, 2023
Score Vector
Affected Versions
