{"api_version":"1","generated_at":"2026-04-22T20:52:24+00:00","cve":"CVE-2020-8492","urls":{"html":"https://cve.report/CVE-2020-8492","api":"https://cve.report/api/cve/CVE-2020-8492.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2020-8492","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2020-8492"},"summary":{"title":"CVE-2020-8492","description":"Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2020-01-30 19:15:00","updated_at":"2023-11-07 03:26:00"},"problem_types":["CWE-400"],"metrics":[],"references":[{"url":"https://lists.debian.org/debian-lts-announce/2020/07/msg00011.html","name":"[debian-lts-announce] 20200715 [SECURITY] [DLA 2280-1] python3.5 security update","refsource":"MLIST","tags":[],"title":"[SECURITY] [DLA 2280-1] python3.5 security update","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.apache.org/thread.html/rdb31a608dd6758c6093fd645aea3fbf022dd25b37109b6aaea5bc0b5%40%3Ccommits.cassandra.apache.org%3E","name":"[cassandra-commits] 20210816 [jira] [Created] (CASSANDRA-16857) Security vulnerability CVE-2020-8492","refsource":"","tags":[],"title":"Pony Mail!","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UESGYI5XDAHJBATEZN3MHNDUBDH47AS6/","name":"FEDORA-2020-8bdd3fd7a4","refsource":"","tags":[],"title":"[SECURITY] Fedora 32 Update: python36-3.6.11-1.fc32 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A5NSAX4SC3V64PGZUPH7PRDLSON34Q5A/","name":"FEDORA-2020-ea5bdbcc90","refsource":"","tags":[],"title":"[SECURITY] Fedora 31 Update: python36-3.6.11-1.fc31 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.apache.org/thread.html/rfec113c733162b39633fd86a2d0f34bf42ac35f711b3ec1835c774da@%3Ccommits.cassandra.apache.org%3E","name":"[cassandra-commits] 20210816 [jira] [Updated] (CASSANDRA-16857) Security vulnerability CVE-2020-8492","refsource":"MLIST","tags":[],"title":"Pony Mail!","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://usn.ubuntu.com/4333-1/","name":"USN-4333-1","refsource":"UBUNTU","tags":[],"title":"USN-4333-1: Python vulnerabilities | Ubuntu security notices","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html","name":"[debian-lts-announce] 20230524 [SECURITY] [DLA 3432-1] python2.7 security update","refsource":"MLIST","tags":[],"title":"[SECURITY] [DLA 3432-1] python2.7 security update","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WOKDEXLYW5UQ4S7PA7E37IITOC7C56J/","name":"FEDORA-2020-6a88dad4a0","refsource":"","tags":[],"title":"[SECURITY] Fedora 31 Update: python38-3.8.3-1.fc31 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://security.gentoo.org/glsa/202005-09","name":"GLSA-202005-09","refsource":"GENTOO","tags":[],"title":"Python: Denial of Service (GLSA 202005-09) — Gentoo security","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7WOKDEXLYW5UQ4S7PA7E37IITOC7C56J/","name":"FEDORA-2020-6a88dad4a0","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 31 Update: python38-3.8.3-1.fc31 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://usn.ubuntu.com/4333-2/","name":"USN-4333-2","refsource":"UBUNTU","tags":[],"title":"USN-4333-2: Python vulnerabilities | Ubuntu security notices","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://python-security.readthedocs.io/vuln/urllib-basic-auth-regex.html","name":"https://python-security.readthedocs.io/vuln/urllib-basic-auth-regex.html","refsource":"MISC","tags":["Exploit","Third Party Advisory"],"title":"urllib basic auth regex denial of service — Python Security 0.0 documentation","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.apache.org/thread.html/rdb31a608dd6758c6093fd645aea3fbf022dd25b37109b6aaea5bc0b5@%3Ccommits.cassandra.apache.org%3E","name":"[cassandra-commits] 20210816 [jira] [Created] (CASSANDRA-16857) Security vulnerability CVE-2020-8492","refsource":"MLIST","tags":[],"title":"Pony Mail!","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/APGWEMYZIY5VHLCSZ3HD67PA5Z2UQFGH/","name":"FEDORA-2020-98e0f0f11b","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 32 Update: python3-3.8.3-1.fc32 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.apache.org/thread.html/rfec113c733162b39633fd86a2d0f34bf42ac35f711b3ec1835c774da%40%3Ccommits.cassandra.apache.org%3E","name":"[cassandra-commits] 20210816 [jira] [Updated] (CASSANDRA-16857) Security vulnerability CVE-2020-8492","refsource":"","tags":[],"title":"Pony Mail!","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5NSAX4SC3V64PGZUPH7PRDLSON34Q5A/","name":"FEDORA-2020-ea5bdbcc90","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 31 Update: python36-3.6.11-1.fc31 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://github.com/python/cpython/pull/18284","name":"https://github.com/python/cpython/pull/18284","refsource":"MISC","tags":["Patch","Third Party Advisory"],"title":"bpo-39503: Fix urllib basic auth regex by vstinner · Pull Request #18284 · python/cpython · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://security.netapp.com/advisory/ntap-20200221-0001/","name":"https://security.netapp.com/advisory/ntap-20200221-0001/","refsource":"CONFIRM","tags":["Third Party Advisory"],"title":"CVE-2020-8492 Python Vulnerability in NetApp Products | NetApp Product Security","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APGWEMYZIY5VHLCSZ3HD67PA5Z2UQFGH/","name":"FEDORA-2020-98e0f0f11b","refsource":"","tags":[],"title":"[SECURITY] Fedora 32 Update: python3-3.8.3-1.fc32 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://bugs.python.org/issue39503","name":"https://bugs.python.org/issue39503","refsource":"MISC","tags":["Issue Tracking","Vendor Advisory"],"title":"Issue 39503: [security][CVE-2020-8492] Denial of service in urllib.request.AbstractBasicAuthHandler - Python tracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UESGYI5XDAHJBATEZN3MHNDUBDH47AS6/","name":"FEDORA-2020-8bdd3fd7a4","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 32 Update: python36-3.6.11-1.fc32 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00003.html","name":"openSUSE-SU-2020:0274","refsource":"SUSE","tags":["Third Party Advisory"],"title":"[security-announce] openSUSE-SU-2020:0274-1: moderate: Security update f","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2020-8492","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-8492","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2020","cve_id":"8492","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"12.04","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"8492","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"14.04","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"esm","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"8492","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"16.04","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"esm","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"8492","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"18.04","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"lts","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"8492","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"19.10","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"8492","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"20.04","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"lts","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"8492","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"9.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"8492","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"31","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"8492","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"32","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"8492","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"opensuse","cpe5":"leap","cpe6":"15.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"8492","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"opensuse","cpe5":"leap","cpe6":"15.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"8492","vulnerable":"1","versionEndIncluding":"2.7.17","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"python","cpe5":"python","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"8492","vulnerable":"1","versionEndIncluding":"3.5.9","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"python","cpe5":"python","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"8492","vulnerable":"1","versionEndIncluding":"3.6.10","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"python","cpe5":"python","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"8492","vulnerable":"1","versionEndIncluding":"3.7.6","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"python","cpe5":"python","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"8492","vulnerable":"1","versionEndIncluding":"3.8.1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"python","cpe5":"python","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2020-8492","qid":"159654","title":"Oracle Enterprise Linux Security Update for python38:3.8 (ELSA-2020-4641)"},{"cve":"CVE-2020-8492","qid":"181802","title":"Debian Security Update for python2.7 (DLA 3432-1)"},{"cve":"CVE-2020-8492","qid":"198293","title":"Ubuntu Security Notification for Python2.7, Python3.7, Python3.8 Vulnerabilities (USN-4754-3)"},{"cve":"CVE-2020-8492","qid":"198611","title":"Ubuntu Security Notification for Python Vulnerabilities (USN-5200-1)"},{"cve":"CVE-2020-8492","qid":"296073","title":"Oracle Solaris 11.4 Support Repository Update (SRU) 24.75.2 Missing (CPUJUL2020)"},{"cve":"CVE-2020-8492","qid":"356280","title":"Amazon Linux Security Advisory for python38 : ALASPYTHON3.8-2023-006"},{"cve":"CVE-2020-8492","qid":"356582","title":"Amazon Linux Security Advisory for python38 : ALAS2PYTHON3.8-2023-006"},{"cve":"CVE-2020-8492","qid":"376090","title":"IBM Cognos Analytics Multiple Vulnerabilities (6491661)"},{"cve":"CVE-2020-8492","qid":"377257","title":"Alibaba Cloud Linux Security Update for python3 (ALINUX2-SA-2020:0137)"},{"cve":"CVE-2020-8492","qid":"377387","title":"Alibaba Cloud Linux Security Update for python3 (ALINUX3-SA-2021:0080)"},{"cve":"CVE-2020-8492","qid":"500591","title":"Alpine Linux Security Update for python3"},{"cve":"CVE-2020-8492","qid":"504341","title":"Alpine Linux Security Update for python3"},{"cve":"CVE-2020-8492","qid":"690114","title":"Free Berkeley Software Distribution (FreeBSD) Security Update for tauthon (c7855866-c511-11eb-ae1d-b42e991fc52e)"},{"cve":"CVE-2020-8492","qid":"690464","title":"Free Berkeley Software Distribution (FreeBSD) Security Update for python (2cb21232-fb32-11ea-a929-a4bf014bf5f7)"},{"cve":"CVE-2020-8492","qid":"750463","title":"OpenSUSE Security Update for python3 (openSUSE-SU-2020:2333-1)"},{"cve":"CVE-2020-8492","qid":"750464","title":"OpenSUSE Security Update for python3 (openSUSE-SU-2020:2332-1)"},{"cve":"CVE-2020-8492","qid":"752957","title":"SUSE Enterprise Linux Security Update for python3 (SUSE-SU-2022:4281-1)"},{"cve":"CVE-2020-8492","qid":"770068","title":"Red Hat OpenShift Container Platform 4.6 Security Update (RHSA-2021:0436)"},{"cve":"CVE-2020-8492","qid":"940166","title":"AlmaLinux Security Update for python3 (ALSA-2020:4433)"},{"cve":"CVE-2020-8492","qid":"940211","title":"AlmaLinux Security Update for python38:3.8 (ALSA-2020:4641)"},{"cve":"CVE-2020-8492","qid":"960347","title":"Rocky Linux Security Update for python38:3.8 (RLSA-2020:4641)"}]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2020-8492","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"url":"https://bugs.python.org/issue39503","refsource":"MISC","name":"https://bugs.python.org/issue39503"},{"url":"https://python-security.readthedocs.io/vuln/urllib-basic-auth-regex.html","refsource":"MISC","name":"https://python-security.readthedocs.io/vuln/urllib-basic-auth-regex.html"},{"url":"https://github.com/python/cpython/pull/18284","refsource":"MISC","name":"https://github.com/python/cpython/pull/18284"},{"refsource":"CONFIRM","name":"https://security.netapp.com/advisory/ntap-20200221-0001/","url":"https://security.netapp.com/advisory/ntap-20200221-0001/"},{"refsource":"SUSE","name":"openSUSE-SU-2020:0274","url":"http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00003.html"},{"refsource":"UBUNTU","name":"USN-4333-1","url":"https://usn.ubuntu.com/4333-1/"},{"refsource":"UBUNTU","name":"USN-4333-2","url":"https://usn.ubuntu.com/4333-2/"},{"refsource":"GENTOO","name":"GLSA-202005-09","url":"https://security.gentoo.org/glsa/202005-09"},{"refsource":"FEDORA","name":"FEDORA-2020-98e0f0f11b","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/APGWEMYZIY5VHLCSZ3HD67PA5Z2UQFGH/"},{"refsource":"FEDORA","name":"FEDORA-2020-6a88dad4a0","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7WOKDEXLYW5UQ4S7PA7E37IITOC7C56J/"},{"refsource":"FEDORA","name":"FEDORA-2020-8bdd3fd7a4","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UESGYI5XDAHJBATEZN3MHNDUBDH47AS6/"},{"refsource":"FEDORA","name":"FEDORA-2020-ea5bdbcc90","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5NSAX4SC3V64PGZUPH7PRDLSON34Q5A/"},{"refsource":"MLIST","name":"[debian-lts-announce] 20200715 [SECURITY] [DLA 2280-1] python3.5 security update","url":"https://lists.debian.org/debian-lts-announce/2020/07/msg00011.html"},{"refsource":"MLIST","name":"[cassandra-commits] 20210816 [jira] [Created] (CASSANDRA-16857) Security vulnerability CVE-2020-8492","url":"https://lists.apache.org/thread.html/rdb31a608dd6758c6093fd645aea3fbf022dd25b37109b6aaea5bc0b5@%3Ccommits.cassandra.apache.org%3E"},{"refsource":"MLIST","name":"[cassandra-commits] 20210816 [jira] [Updated] (CASSANDRA-16857) Security vulnerability CVE-2020-8492","url":"https://lists.apache.org/thread.html/rfec113c733162b39633fd86a2d0f34bf42ac35f711b3ec1835c774da@%3Ccommits.cassandra.apache.org%3E"},{"refsource":"MLIST","name":"[debian-lts-announce] 20230524 [SECURITY] [DLA 3432-1] python2.7 security update","url":"https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html"}]}},"nvd":{"publishedDate":"2020-01-30 19:15:00","lastModifiedDate":"2023-11-07 03:26:00","problem_types":["CWE-400"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH","baseScore":6.5,"baseSeverity":"MEDIUM"},"exploitabilityScore":2.8,"impactScore":3.6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:C","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"COMPLETE","baseScore":7.1},"severity":"HIGH","exploitabilityScore":8.6,"impactScore":6.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:python:python:*:*:*:*:*:*:*:*","versionStartIncluding":"3.8.0","versionEndIncluding":"3.8.1","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:python:python:*:*:*:*:*:*:*:*","versionStartIncluding":"3.7.0","versionEndIncluding":"3.7.6","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:python:python:*:*:*:*:*:*:*:*","versionStartIncluding":"3.6.0","versionEndIncluding":"3.6.10","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:python:python:*:*:*:*:*:*:*:*","versionStartIncluding":"3.5.0","versionEndIncluding":"3.5.9","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:python:python:*:*:*:*:*:*:*:*","versionStartIncluding":"2.7.0","versionEndIncluding":"2.7.17","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2020","CveId":"8492","Ordinal":"168831","Title":"CVE-2020-8492","CVE":"CVE-2020-8492","Year":"2020"},"notes":[{"CveYear":"2020","CveId":"8492","Ordinal":"1","NoteData":"Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking.","Type":"Description","Title":null},{"CveYear":"2020","CveId":"8492","Ordinal":"2","NoteData":"2020-01-30","Type":"Other","Title":"Published"},{"CveYear":"2020","CveId":"8492","Ordinal":"3","NoteData":"2021-08-16","Type":"Other","Title":"Modified"}]}}}