{"uuid": "5fb2855c-dac9-4ad2-91ff-6d2a8f5ab3ca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45061", "type": "seen", "source": "https://t.me/arpsyndicate/1650", "content": "#ExploitObserverAlert\n\nCVE-2022-45061\n\nDESCRIPTION: Exploit Observer has 38 entries related to CVE-2022-45061. An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by remote servers that could be controlled by a malicious actor; in such a scenario, they could trigger excessive CPU consumption on the client attempting to make use of an attacker-supplied supposed hostname. For example, the attack payload could be placed in the Location header of an HTTP response with status code 302. A fix is planned in 3.11.1, 3.10.9, 3.9.16, 3.8.16, and 3.7.16.\n\nFIRST-EPSS: 0.002920000\nNVD-IS: 3.6\nNVD-ES: 3.9", "creation_timestamp": "2023-12-10T16:04:31.000000Z"}