python3: urllib basic auth regex denial of service (CVE-2020-8492)
Python 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking.
- https://github.com/python/cpython/commit/69cdeeb93e0830004a495ed854022425b93b3f3e (3.6)
- https://github.com/python/cpython/commit/b57a73694e26e8b2391731b5ee0b1be59437388e (3.7)
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information