Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:pypi/httplib2@0.7.4
Typepypi
Namespace
Namehttplib2
Version0.7.4
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version0.10.1
Latest_non_vulnerable_version0.19.0
Affected_by_vulnerabilities
0
url VCID-92cy-sw95-63fb
vulnerability_id VCID-92cy-sw95-63fb
summary In httplib2 before version 0.18.0, an attacker controlling unescaped part of uri for `httplib2.Http.request()` could change request headers and body, send additional hidden requests to same server. This vulnerability impacts software that uses httplib2 with uri constructed by string concatenation, as opposed to proper urllib building with escaping. This has been fixed in 0.18.0.
references
0
reference_url https://github.com/httplib2/httplib2/commit/a1457cc31f3206cf691d11d2bf34e98865873e9e
reference_id
reference_type
scores
url https://github.com/httplib2/httplib2/commit/a1457cc31f3206cf691d11d2bf34e98865873e9e
1
reference_url https://github.com/httplib2/httplib2/security/advisories/GHSA-gg84-qgv9-w4pq
reference_id
reference_type
scores
url https://github.com/httplib2/httplib2/security/advisories/GHSA-gg84-qgv9-w4pq
2
reference_url https://lists.apache.org/thread.html/r23711190c2e98152cb6f216b95090d5eeb978543bb7e0bad22ce47fc@%3Cissues.beam.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/r23711190c2e98152cb6f216b95090d5eeb978543bb7e0bad22ce47fc@%3Cissues.beam.apache.org%3E
3
reference_url https://lists.apache.org/thread.html/r4d35dac106fab979f0db75a07fc4e320ad848b722103e79667ff99e1@%3Cissues.beam.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/r4d35dac106fab979f0db75a07fc4e320ad848b722103e79667ff99e1@%3Cissues.beam.apache.org%3E
4
reference_url https://lists.apache.org/thread.html/r69a462e690b5f2c3d418a288a2c98ae764d58587bd0b5d6ab141f25f@%3Cissues.beam.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/r69a462e690b5f2c3d418a288a2c98ae764d58587bd0b5d6ab141f25f@%3Cissues.beam.apache.org%3E
5
reference_url https://lists.apache.org/thread.html/r7f364000066748299b331b615ba51c62f55ab5b201ddce9a22d98202@%3Cissues.beam.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/r7f364000066748299b331b615ba51c62f55ab5b201ddce9a22d98202@%3Cissues.beam.apache.org%3E
6
reference_url https://lists.apache.org/thread.html/rad8872fc99f670958c2774e2bf84ee32a3a0562a0c787465cf3dfa23@%3Cissues.beam.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/rad8872fc99f670958c2774e2bf84ee32a3a0562a0c787465cf3dfa23@%3Cissues.beam.apache.org%3E
7
reference_url https://lists.apache.org/thread.html/rc9eff9572946142b657c900fe63ea4bbd3535911e8d4ce4d08fe4b89@%3Ccommits.allura.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/rc9eff9572946142b657c900fe63ea4bbd3535911e8d4ce4d08fe4b89@%3Ccommits.allura.apache.org%3E
8
reference_url https://lists.debian.org/debian-lts-announce/2020/06/msg00000.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2020/06/msg00000.html
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXCX2AWROGWGY5GXR7VN3BKF34A2FO6J/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXCX2AWROGWGY5GXR7VN3BKF34A2FO6J/
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PZJ3D6JSM7CFZESZZKGUW2VX55BOSOXI/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PZJ3D6JSM7CFZESZZKGUW2VX55BOSOXI/
fixed_packages
0
url pkg:pypi/httplib2@0.18.0
purl pkg:pypi/httplib2@0.18.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-v8bw-2ukf-bbfg
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/httplib2@0.18.0
aliases CVE-2020-11078, GHSA-gg84-qgv9-w4pq, PYSEC-2020-46
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-92cy-sw95-63fb
1
url VCID-eem4-2qxa-ufbk
vulnerability_id VCID-eem4-2qxa-ufbk
summary httplib2 0.7.2, 0.8, and earlier, after an initial connection is made, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
references
0
reference_url http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=706602
reference_id
reference_type
scores
url http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=706602
1
reference_url http://code.google.com/p/httplib2/issues/detail?id=282
reference_id
reference_type
scores
url http://code.google.com/p/httplib2/issues/detail?id=282
2
reference_url https://bugs.launchpad.net/httplib2/+bug/1175272
reference_id
reference_type
scores
url https://bugs.launchpad.net/httplib2/+bug/1175272
3
reference_url http://seclists.org/oss-sec/2013/q2/257
reference_id
reference_type
scores
url http://seclists.org/oss-sec/2013/q2/257
4
reference_url https://github.com/httplib2/httplib2
reference_id
reference_type
scores
url https://github.com/httplib2/httplib2
5
reference_url https://github.com/httplib2/httplib2/commit/40cbdcc8586f2292fa0e76a3e8c012f0cc9ed919
reference_id
reference_type
scores
url https://github.com/httplib2/httplib2/commit/40cbdcc8586f2292fa0e76a3e8c012f0cc9ed919
6
reference_url https://github.com/httplib2/httplib2/issues/5
reference_id
reference_type
scores
url https://github.com/httplib2/httplib2/issues/5
7
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/httplib2/PYSEC-2014-81.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/httplib2/PYSEC-2014-81.yaml
8
reference_url https://web.archive.org/web/20200228052625/http://www.securityfocus.com/bid/52179
reference_id
reference_type
scores
url https://web.archive.org/web/20200228052625/http://www.securityfocus.com/bid/52179
9
reference_url http://www.securityfocus.com/bid/52179
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/52179
10
reference_url http://www.ubuntu.com/usn/USN-1948-1
reference_id
reference_type
scores
url http://www.ubuntu.com/usn/USN-1948-1
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-2037
reference_id CVE-2013-2037
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2013-2037
12
reference_url https://github.com/advisories/GHSA-q48q-77qv-cf9p
reference_id GHSA-q48q-77qv-cf9p
reference_type
scores
url https://github.com/advisories/GHSA-q48q-77qv-cf9p
fixed_packages
0
url pkg:pypi/httplib2@0.9
purl pkg:pypi/httplib2@0.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-92cy-sw95-63fb
1
vulnerability VCID-v8bw-2ukf-bbfg
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/httplib2@0.9
1
url pkg:pypi/httplib2@0.10.1
purl pkg:pypi/httplib2@0.10.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/httplib2@0.10.1
aliases CVE-2013-2037, GHSA-q48q-77qv-cf9p, PYSEC-2014-81
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-eem4-2qxa-ufbk
2
url VCID-v8bw-2ukf-bbfg
vulnerability_id VCID-v8bw-2ukf-bbfg
summary httplib2 is a comprehensive HTTP client library for Python. In httplib2 before version 0.19.0, a malicious server which responds with long series of "\xa0" characters in the "www-authenticate" header may cause Denial of Service (CPU burn while parsing header) of the httplib2 client accessing said server. This is fixed in version 0.19.0 which contains a new implementation of auth headers parsing using the pyparsing library.
references
0
reference_url https://github.com/httplib2/httplib2/commit/bd9ee252c8f099608019709e22c0d705e98d26bc
reference_id
reference_type
scores
url https://github.com/httplib2/httplib2/commit/bd9ee252c8f099608019709e22c0d705e98d26bc
1
reference_url https://github.com/httplib2/httplib2/pull/182
reference_id
reference_type
scores
url https://github.com/httplib2/httplib2/pull/182
2
reference_url https://github.com/httplib2/httplib2/security/advisories/GHSA-93xj-8mrv-444m
reference_id
reference_type
scores
url https://github.com/httplib2/httplib2/security/advisories/GHSA-93xj-8mrv-444m
3
reference_url https://pypi.org/project/httplib2
reference_id
reference_type
scores
url https://pypi.org/project/httplib2
fixed_packages
0
url pkg:pypi/httplib2@0.19.0
purl pkg:pypi/httplib2@0.19.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/httplib2@0.19.0
aliases CVE-2021-21240, GHSA-93xj-8mrv-444m, PYSEC-2021-16
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v8bw-2ukf-bbfg
Fixing_vulnerabilities
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:pypi/httplib2@0.7.4