Upgrade RHEL:8 python38:3.8/python38-cryptography to version 0:2.8-3.module+el8.4.0+8888+89bc7e79 or higher.
This issue was patched in RHSA-2022:1764.
Note: Versions mentioned in the description apply only to the upstream python38:3.8/python38-cryptography package and not the python38:3.8/python38-cryptography package as distributed by RHEL. See How to fix? for RHEL:8 relevant fixed versions and status.
There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as a web browser) connects to could trigger a Regular Expression Denial of Service (ReDoS) during an authentication request, using a specially crafted payload that the server sends to the client. The greatest threat that this flaw poses is to application availability.