CVE-2021-32837 — HIGH (7.5)

Q: How severe is CVE-2021-32837?

CVE-2021-32837 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2021-32837?

Check the references section above for vendor advisories and patch information. Affected products include: Mechanize Project Mechanize.

Vulnerability Description

mechanize, a library for automatically interacting with HTTP web servers, contains a regular expression that is vulnerable to regular expression denial of service (ReDoS) prior to version 0.4.6. If a web server responds in a malicious way, then mechanize could crash. Version 0.4.6 has a patch for the issue.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Mechanize Project	Mechanize	< 0.4.6

Related Weaknesses (CWE)

CWE-1333

References

https://github.com/python-mechanize/mechanize/blob/3acb1836f3fd8edc5a758a417dd46ExploitThird Party Advisory
https://github.com/python-mechanize/mechanize/commit/dd05334448e9f39814bab044d2ePatchThird Party Advisory
https://github.com/python-mechanize/mechanize/releases/tag/v0.4.6Third Party Advisory
https://lists.debian.org/debian-lts-announce/2023/06/msg00022.html
https://securitylab.github.com/advisories/GHSL-2021-108-python-mechanize-mechaniExploitThird Party Advisory
https://github.com/python-mechanize/mechanize/blob/3acb1836f3fd8edc5a758a417dd46ExploitThird Party Advisory
https://github.com/python-mechanize/mechanize/commit/dd05334448e9f39814bab044d2ePatchThird Party Advisory
https://github.com/python-mechanize/mechanize/releases/tag/v0.4.6Third Party Advisory
https://lists.debian.org/debian-lts-announce/2023/06/msg00022.html
https://lists.debian.org/debian-lts-announce/2025/12/msg00028.html
https://securitylab.github.com/advisories/GHSL-2021-108-python-mechanize-mechaniExploitThird Party Advisory

FAQ

What is CVE-2021-32837?

CVE-2021-32837 is a vulnerability with a CVSS score of 7.5 (HIGH). mechanize, a library for automatically interacting with HTTP web servers, contains a regular expression that is vulnerable to regular expression denial of service (ReDoS) prior to version 0.4.6. If a ...

How severe is CVE-2021-32837?

CVE-2021-32837 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-32837?

Check the references section above for vendor advisories and patch information. Affected products include: Mechanize Project Mechanize.