PT-2020-5140 · Python · Urllib3

Published

2020-03-06

·

Updated

2026-05-19

·

CVE-2020-7212

CVSS v4.0

8.7

High

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: urllib3 library versions 1.25.2 through 1.25.7

Description: The issue is caused by an inefficient algorithm in the `_encode_invalid_chars` function, which can lead to a denial of service through CPU consumption. The list of percent-encodings found in the input is not deduplicated, so every occurrence is processed separately, giving a time complexity of O(N^2) for a URL of length N. If the list were deduplicated, the time complexity would drop to O(kN), where k is a constant. A remote attacker can exploit the vulnerability to cause a denial of service.

Recommendations: For versions 1.25.2 through 1.25.7, update to a version in which `_encode_invalid_chars` deduplicates the percent-encodings before processing them, which reduces the time complexity and mitigates the denial-of-service risk.
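The complexity difference described above, shown as an added example (not urllib3's own code): a loop that replaces every percent-encoding it finds individually is compared with a deduplicated loop and with a single-pass substitution, counting how many characters each variant scans on a constructed path. Function names and the `scanned` counter are illustrative.

```python
import re
from typing import Dict, Tuple

# Matches one percent-encoded byte such as "%2f" or "%2F".
PERCENT_RE = re.compile(r"%[a-fA-F0-9]{2}")


def normalize_quadratic(component: str) -> Tuple[str, int]:
    """Pattern of the affected versions: each percent-encoding found is
    upper-cased by its own str.replace() over the whole component, even when
    an identical encoding was already handled. Returns (result, chars scanned)."""
    percent_encodings = PERCENT_RE.findall(component)
    scanned = 0
    for enc in percent_encodings:
        component = component.replace(enc, enc.upper())
        scanned += len(component)  # every replace() walks the entire string
    return component, scanned


def normalize_deduplicated(component: str) -> Tuple[str, int]:
    """Deduplicated variant: each distinct encoding is replaced once, so the
    number of passes is bounded by the number of distinct encodings (k)."""
    percent_encodings = set(PERCENT_RE.findall(component))
    scanned = 0
    for enc in percent_encodings:
        component = component.replace(enc, enc.upper())
        scanned += len(component)
    return component, scanned


def normalize_single_pass(component: str) -> str:
    """One regex substitution over the input: O(N) regardless of k."""
    return PERCENT_RE.sub(lambda m: m.group(0).upper(), component)


def demo(repeat: int = 2000) -> Dict[str, int]:
    # Constructed input: one encoding repeated many times, the worst case
    # for the non-deduplicated loop.
    url_path = "/a" + "%2f" * repeat
    slow_out, slow_work = normalize_quadratic(url_path)
    fast_out, fast_work = normalize_deduplicated(url_path)
    assert slow_out == fast_out == normalize_single_pass(url_path)
    return {"length": len(url_path), "quadratic_scanned": slow_work,
            "dedup_scanned": fast_work, "ratio": slow_work // fast_work}


if __name__ == "__main__":
    print(demo())
```

Doubling `repeat` quadruples `quadratic_scanned` while `dedup_scanned` only doubles, which is the O(N^2) versus O(kN) gap the advisory describes.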

Fix

DoS

Resource Exhaustion

Weakness Enumeration

Related Identifiers

ALT-PU-2023-7180
BDU:2020-05736
CVE-2020-7212
GHSA-HMV2-79Q8-FV6G
PYSEC-2020-149

Affected Products

Alt Linux
Urllib3