An issue was discovered in urllib3 before 1.26.5. When provided with a URL containing many @ characters in the authority component, the authority regular expression exhibits catastrophic backtracking, causing a denial of service if a URL were passed as a parameter or redirected to via an HTTP redirect.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| urllib3(PyPI) | 1.25.4 | 1.26.5 | N/A |
CVSS Metrics
