CVE-2021-32837 HIGH

CVE-2021-32837: mechanize vulnerable to ReDoS

Vendor Python-Mechanize
Product mechanize
Weakness CWE-1333
Published January 17, 2023
Last update December 22, 2025

CVSS base score

7.5/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

01Description

mechanize, a library for automatically interacting with HTTP web servers, contains a regular expression that is vulnerable to regular expression denial of service (ReDoS) prior to version 0.4.6. If a web server responds in a malicious way, then mechanize could crash. Version 0.4.6 has a patch for the issue.

Key dates

02Disclosure timeline

January 17, 2023 CVE published
December 22, 2025 Record updated