PT-2023-12176 · Pypi+2 · Mechanize+2

Erik Krogh Kristensen +3 · Published 2022-04-05 · Updated 2025-12-22 · CVE-2021-32837

CVSS v4.0: 8.7 (High)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: mechanize versions prior to 0.4.6
Description: The mechanize library, used for automatically interacting with HTTP web servers, contains a regular expression vulnerable to regular expression denial of service (ReDoS). If a web server responds maliciously, mechanize could crash.
Recommendations: For versions prior to 0.4.6, update to version 0.4.6 to resolve the issue. As a temporary workaround, consider restricting interactions with potentially malicious web servers until the patch is applied.

Exploit · Fix · DoS

Related Identifiers

ALT-PU-2022-1635
ALT-PU-2024-15187
ALT-PU-2024-8936
CVE-2021-32837
DLA-3460-1
DLA-4418-1
GHSA-G3PV-PJ5F-3HFQ
MGASA-2023-0036
OPENSUSE-SU-2023:0030-1
OPENSUSE-SU-2024:12621-1
OPENSUSE-SU-2025:15098-1
PYSEC-2023-25

Affected Products

Alt Linux
Debian
Mechanize