VDB
ALPINE-CVE-2020-8492
ALPINE-CVE-2020-8492
PUBLISHED
CVSS 6.5 MEDIUM
Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking.
Risk Scores
CVSS v3.1
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Alpine:v3.15 | python3 | 3.8.1-r2, 3.8.1-r1, 3.8.1-r0 |
| Alpine:v3.11 | python3 | 3.6.6-r2, 0, 3.1.3-r0 |
| Alpine:v3.16 | python3 | 0, 3.8.1-r3, 3.1.3-r0 |
| Alpine:v3.12 | python3 | 3.4.1-r0, 3.8.1-r3, 3.8.1-r2 |
| Alpine:v3.13 | python3 | 0, 3.1.3-r0, 3.2.0-r0 |
| Alpine:v3.20 | python3 | 3.6.6-r1, 3.8.1-r3, 3.8.1-r2 |
| Alpine:v3.18 | python3 | 3.8.1-r2, 0, 3.1.3-r0 |
| Alpine:v3.21 | python3 | 3.6.2-r2, 0, 3.1.3-r0 |
| Alpine:v3.19 | python3 | 0, 3.8.1-r3, 3.8.1-r2 |
| Alpine:v3.23 | python3 | 3.1.3-r0, 3.8.1-r3, 3.8.1-r2 |
| Alpine:v3.14 | python3 | 3.8.1-r3, 3.1.3-r0, 3.2.0-r0 |
| Alpine:v3.22 | python3 | 0, 3.6.3-r3, 3.8.1-r3 |
| Alpine:v3.10 | python3 | 3.6.8-r1, 3.5.2-r1, 3.3.3-r0 |
| Alpine:v3.17 | python3 | 3.6.2-r3, 3.8.1-r1, 3.6.2-r2 |
Timeline
- Jan 30, 2020 CVE Published
- Dec 3, 2025 CVE Updated
- Apr 30, 2026 Distribution Patch