References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

Change History

https://github.com/python/cpython/commit/8d1b3dfa09135affbbf27fb8babcf3c11415df49

https://github.com/python/cpython/commit/ab0893fd5c579d9cea30841680e6d35fc478afb5

https://github.com/python/cpython/commit/f3c6f882cddc8dc30320d2e73edf019e201394fc

https://github.com/python/cpython/commit/fdc9d214c01cb4588f540cfa03726bbf2a33fc15

The html.parser.HTMLParser class had worse-case quadratic complexity when processing certain crafted malformed inputs potentially leading to amplified denial-of-service.

AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

CWE-1333

https://github.com/python/cpython/commit/4455cbabf991e202185a25a631af206f60bbc949

https://github.com/python/cpython/commit/6eb6c5dbfb528bd07d77b60fd71fd05d81d45c41

https://github.com/python/cpython/commit/d851f8e258c7328814943e923a7df81bca15df4b

https://github.com/python/cpython/issues/135462

https://github.com/python/cpython/pull/135464

https://mail.python.org/archives/list/[email protected]/thread/K5PIYLR6EP3WR7ZOKKYQUWEDNQVUXOYM/