Uh oh!
There was an error while loading.Please reload this page.
- Notifications
You must be signed in to change notification settings - Fork33.3k
gh-123067: Fix quadratic complexity in parsing cookies with backslashes#123075
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.
Already on GitHub?Sign in to your account
Merged
serhiy-storchaka merged 4 commits intopython:mainfromserhiy-storchaka:http-coockies-optimize-reAug 17, 2024
Merged
gh-123067: Fix quadratic complexity in parsing cookies with backslashes#123075
serhiy-storchaka merged 4 commits intopython:mainfromserhiy-storchaka:http-coockies-optimize-reAug 17, 2024
Uh oh!
There was an error while loading.Please reload this page.
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.Learn more about bidirectional Unicode characters
73e2aa9 to04ac47bCompareUh oh!
There was an error while loading.Please reload this page.
Uh oh!
There was an error while loading.Please reload this page.
Misc/NEWS.d/next/Library/2024-08-16-19-13-21.gh-issue-123067.Nx9O4R.rst OutdatedShow resolvedHide resolved
Uh oh!
There was an error while loading.Please reload this page.
sethmlarson approved these changesAug 16, 2024
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
Ran the new tests with and without the changes, the approach looks good to me! Thanks@serhiy-storchaka! 🙏
picnixz approved these changesAug 17, 2024
Thanks@serhiy-storchaka for the PR 🌮🎉.. I'm working now to backport this PR to: 3.8, 3.9, 3.10, 3.11, 3.12, 3.13. |
miss-islington pushed a commit to miss-islington/cpython that referenced this pull requestAug 17, 2024
…values with backslashes (pythonGH-123075)This fixesCVE-2024-7592.(cherry picked from commit44e4583)Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
GH-123103 is a backport of this pull request to the3.13 branch. |
miss-islington pushed a commit to miss-islington/cpython that referenced this pull requestAug 17, 2024
…values with backslashes (pythonGH-123075)This fixesCVE-2024-7592.(cherry picked from commit44e4583)Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
GH-123104 is a backport of this pull request to the3.12 branch. |
miss-islington pushed a commit to miss-islington/cpython that referenced this pull requestAug 17, 2024
…values with backslashes (pythonGH-123075)This fixesCVE-2024-7592.(cherry picked from commit44e4583)Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
GH-123105 is a backport of this pull request to the3.11 branch. |
miss-islington pushed a commit to miss-islington/cpython that referenced this pull requestAug 17, 2024
…values with backslashes (pythonGH-123075)This fixesCVE-2024-7592.(cherry picked from commit44e4583)Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
GH-123106 is a backport of this pull request to the3.10 branch. |
miss-islington pushed a commit to miss-islington/cpython that referenced this pull requestAug 17, 2024
…values with backslashes (pythonGH-123075)This fixesCVE-2024-7592.(cherry picked from commit44e4583)Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
GH-123107 is a backport of this pull request to the3.9 branch. |
miss-islington pushed a commit to miss-islington/cpython that referenced this pull requestAug 17, 2024
…values with backslashes (pythonGH-123075)This fixesCVE-2024-7592.(cherry picked from commit44e4583)Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
GH-123108 is a backport of this pull request to the3.8 branch. |
jeremyhylton pushed a commit to jeremyhylton/cpython that referenced this pull requestAug 19, 2024
…values with backslashes (pythonGH-123075)This fixesCVE-2024-7592.
rickprice added a commit to ActiveState/cpython that referenced this pull requestAug 21, 2024
pythongh-123067: Fix quadratic complexity in parsing "-quoted cookie ……values with backslashes (pythonGH-123075)This fixesCVE-2024-7592.
rickprice added a commit to ActiveState/cpython that referenced this pull requestAug 22, 2024
pythongh-123067: Fix quadratic complexity in parsing "-quoted cookie ……values with backslashes (pythonGH-123075)This fixesCVE-2024-7592.Redo tests without a subtestBackport how RegEx stuff is handled to Python2
rickprice added a commit to ActiveState/cpython that referenced this pull requestAug 22, 2024
pythongh-123067: Fix quadratic complexity in parsing "-quoted cookie ……values with backslashes (pythonGH-123075)This fixesCVE-2024-7592.
blhsing pushed a commit to blhsing/cpython that referenced this pull requestAug 22, 2024
…values with backslashes (pythonGH-123075)This fixesCVE-2024-7592.
Akendo added a commit to gardenlinux/package-python3.12 that referenced this pull requestAug 22, 2024
We create a patch from the PR on GitHub that address the vulerability.python/cpython#123075
ambv pushed a commit that referenced this pull requestSep 4, 2024
…values with backslashes (GH-123075) (#123108)This fixesCVE-2024-7592.(cherry picked from commit44e4583)Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
ambv pushed a commit that referenced this pull requestSep 4, 2024
…values with backslashes (GH-123075) (#123107)This fixesCVE-2024-7592.(cherry picked from commit44e4583)Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
ambv pushed a commit that referenced this pull requestSep 4, 2024
… values with backslashes (GH-123075) (#123105)This fixesCVE-2024-7592.(cherry picked from commit44e4583)Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
ambv pushed a commit that referenced this pull requestSep 4, 2024
… values with backslashes (GH-123075) (#123106)This fixesCVE-2024-7592.(cherry picked from commit44e4583)Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
vEpiphyte added a commit to vertexproject/synapse that referenced this pull requestDec 31, 2024
Vendor the fixes from CPython forGHSA-7pwv-g7hj-39pr and applies them atimport time of `synapse.common`.python/cpython#123067python/cpython#123075
Sign up for freeto join this conversation on GitHub. Already have an account?Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Uh oh!
There was an error while loading.Please reload this page.
This fixesCVE-2024-7592.
http.cookies._unquote()#123067