Safety vulnerability ID: 52868
The information on this page was manually curated by our Cybersecurity Intelligence Team.
Mechanize 0.4.6 includes a fix for CVE-2021-32837: Mechanize contains a regular expression that is vulnerable to regular expression denial of service (ReDoS) prior to version 0.4.6. If a web server responds in a malicious way, then mechanize could crash.
https://securitylab.github.com/advisories/GHSL-2021-108-python-mechanize-mechanize
Latest version: 0.4.10
Stateful, programmatic web browsing
mechanize, a library for automatically interacting with HTTP web servers, contains a regular expression that is vulnerable to regular expression denial of service (ReDoS) prior to version 0.4.6. If a web server responds in a malicious way, then mechanize could crash. Version 0.4.6 has a patch for the issue. See CVE-2021-32837.
CONFIRM:https://securitylab.github.com/advisories/GHSL-2021-108-python-mechanize-mechanize/: https://securitylab.github.com/advisories/GHSL-2021-108-python-mechanize-mechanize/
MISC:https://github.com/python-mechanize/mechanize/blob/3acb1836f3fd8edc5a758a417dd46b53832ae3b5/mechanize/_urllib2_fork.py#L878-L879: https://github.com/python-mechanize/mechanize/blob/3acb1836f3fd8edc5a758a417dd46b53832ae3b5/mechanize/_urllib2_fork.py#L878-L879
MISC:https://github.com/python-mechanize/mechanize/commit/dd05334448e9f39814bab044d2eaa5ef69b410d6: https://github.com/python-mechanize/mechanize/commit/dd05334448e9f39814bab044d2eaa5ef69b410d6
MISC:https://github.com/python-mechanize/mechanize/releases/tag/v0.4.6: https://github.com/python-mechanize/mechanize/releases/tag/v0.4.6
Scan your Python project for dependency vulnerabilities in two minutes
Scan your application