Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:pypi/httplib2@0.15.0
Typepypi
Namespace
Namehttplib2
Version0.15.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version0.19.0
Latest_non_vulnerable_version0.19.0
Affected_by_vulnerabilities
0
url VCID-92cy-sw95-63fb
vulnerability_id VCID-92cy-sw95-63fb
summary In httplib2 before version 0.18.0, an attacker controlling unescaped part of uri for `httplib2.Http.request()` could change request headers and body, send additional hidden requests to same server. This vulnerability impacts software that uses httplib2 with uri constructed by string concatenation, as opposed to proper urllib building with escaping. This has been fixed in 0.18.0.
references
0
reference_url https://github.com/httplib2/httplib2
reference_id
reference_type
scores
url https://github.com/httplib2/httplib2
1
reference_url https://github.com/httplib2/httplib2/commit/a1457cc31f3206cf691d11d2bf34e98865873e9e
reference_id
reference_type
scores
url https://github.com/httplib2/httplib2/commit/a1457cc31f3206cf691d11d2bf34e98865873e9e
2
reference_url https://github.com/httplib2/httplib2/security/advisories/GHSA-gg84-qgv9-w4pq
reference_id
reference_type
scores
url https://github.com/httplib2/httplib2/security/advisories/GHSA-gg84-qgv9-w4pq
3
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/httplib2/PYSEC-2020-46.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/httplib2/PYSEC-2020-46.yaml
4
reference_url https://lists.apache.org/thread.html/r23711190c2e98152cb6f216b95090d5eeb978543bb7e0bad22ce47fc@%3Cissues.beam.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/r23711190c2e98152cb6f216b95090d5eeb978543bb7e0bad22ce47fc@%3Cissues.beam.apache.org%3E
5
reference_url https://lists.apache.org/thread.html/r4d35dac106fab979f0db75a07fc4e320ad848b722103e79667ff99e1@%3Cissues.beam.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/r4d35dac106fab979f0db75a07fc4e320ad848b722103e79667ff99e1@%3Cissues.beam.apache.org%3E
6
reference_url https://lists.apache.org/thread.html/r69a462e690b5f2c3d418a288a2c98ae764d58587bd0b5d6ab141f25f@%3Cissues.beam.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/r69a462e690b5f2c3d418a288a2c98ae764d58587bd0b5d6ab141f25f@%3Cissues.beam.apache.org%3E
7
reference_url https://lists.apache.org/thread.html/r7f364000066748299b331b615ba51c62f55ab5b201ddce9a22d98202@%3Cissues.beam.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/r7f364000066748299b331b615ba51c62f55ab5b201ddce9a22d98202@%3Cissues.beam.apache.org%3E
8
reference_url https://lists.apache.org/thread.html/rad8872fc99f670958c2774e2bf84ee32a3a0562a0c787465cf3dfa23@%3Cissues.beam.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/rad8872fc99f670958c2774e2bf84ee32a3a0562a0c787465cf3dfa23@%3Cissues.beam.apache.org%3E
9
reference_url https://lists.apache.org/thread.html/rc9eff9572946142b657c900fe63ea4bbd3535911e8d4ce4d08fe4b89@%3Ccommits.allura.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/rc9eff9572946142b657c900fe63ea4bbd3535911e8d4ce4d08fe4b89@%3Ccommits.allura.apache.org%3E
10
reference_url https://lists.debian.org/debian-lts-announce/2020/06/msg00000.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2020/06/msg00000.html
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXCX2AWROGWGY5GXR7VN3BKF34A2FO6J
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXCX2AWROGWGY5GXR7VN3BKF34A2FO6J
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXCX2AWROGWGY5GXR7VN3BKF34A2FO6J/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXCX2AWROGWGY5GXR7VN3BKF34A2FO6J/
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PZJ3D6JSM7CFZESZZKGUW2VX55BOSOXI
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PZJ3D6JSM7CFZESZZKGUW2VX55BOSOXI
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PZJ3D6JSM7CFZESZZKGUW2VX55BOSOXI/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PZJ3D6JSM7CFZESZZKGUW2VX55BOSOXI/
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-11078
reference_id CVE-2020-11078
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2020-11078
16
reference_url https://github.com/advisories/GHSA-gg84-qgv9-w4pq
reference_id GHSA-gg84-qgv9-w4pq
reference_type
scores
url https://github.com/advisories/GHSA-gg84-qgv9-w4pq
fixed_packages
0
url pkg:pypi/httplib2@0.18.0
purl pkg:pypi/httplib2@0.18.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-v8bw-2ukf-bbfg
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/httplib2@0.18.0
aliases CVE-2020-11078, GHSA-gg84-qgv9-w4pq, PYSEC-2020-46
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-92cy-sw95-63fb
1
url VCID-v8bw-2ukf-bbfg
vulnerability_id VCID-v8bw-2ukf-bbfg
summary httplib2 is a comprehensive HTTP client library for Python. In httplib2 before version 0.19.0, a malicious server which responds with long series of "\xa0" characters in the "www-authenticate" header may cause Denial of Service (CPU burn while parsing header) of the httplib2 client accessing said server. This is fixed in version 0.19.0 which contains a new implementation of auth headers parsing using the pyparsing library.
references
0
reference_url https://github.com/httplib2/httplib2
reference_id
reference_type
scores
url https://github.com/httplib2/httplib2
1
reference_url https://github.com/httplib2/httplib2/commit/bd9ee252c8f099608019709e22c0d705e98d26bc
reference_id
reference_type
scores
url https://github.com/httplib2/httplib2/commit/bd9ee252c8f099608019709e22c0d705e98d26bc
2
reference_url https://github.com/httplib2/httplib2/pull/182
reference_id
reference_type
scores
url https://github.com/httplib2/httplib2/pull/182
3
reference_url https://github.com/httplib2/httplib2/security/advisories/GHSA-93xj-8mrv-444m
reference_id
reference_type
scores
url https://github.com/httplib2/httplib2/security/advisories/GHSA-93xj-8mrv-444m
4
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/httplib2/PYSEC-2021-16.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/httplib2/PYSEC-2021-16.yaml
5
reference_url https://pypi.org/project/httplib2
reference_id
reference_type
scores
url https://pypi.org/project/httplib2
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-21240
reference_id CVE-2021-21240
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2021-21240
7
reference_url https://github.com/advisories/GHSA-93xj-8mrv-444m
reference_id GHSA-93xj-8mrv-444m
reference_type
scores
url https://github.com/advisories/GHSA-93xj-8mrv-444m
fixed_packages
0
url pkg:pypi/httplib2@0.19.0
purl pkg:pypi/httplib2@0.19.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/httplib2@0.19.0
aliases CVE-2021-21240, GHSA-93xj-8mrv-444m, PYSEC-2021-16
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v8bw-2ukf-bbfg
Fixing_vulnerabilities
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:pypi/httplib2@0.15.0