mechanize vulnerable to ReDoS
CVE-2021-32837

7.5HIGH

Key Information:

Vendor: Python-mechanize
Status: Mechanize
Vendor: CVE Published:; 17 January 2023

Summary

The Mechanize library, used for automated HTTP interactions, is vulnerable to a regular expression denial of service (ReDoS) prior to version 0.4.6. This vulnerability can be exploited if a web server responds inappropriately, potentially leading to a crash of the Mechanize library. Users are advised to upgrade to version 0.4.6 or later, which contains a fix for this issue.

Affected Version(s)

mechanize 0.4.6

References

https://securitylab.github.com/advisories/GHSL-2021-108-p...

https://github.com/python-mechanize/mechanize/blob/3acb18...

https://github.com/python-mechanize/mechanize/releases/ta...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 17, 2023
Vulnerability Reserved
May 12, 2021