Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-92cy-sw95-63fb

Summary In httplib2 before version 0.18.0, an attacker controlling unescaped part of uri for `httplib2.Http.request()` could change request headers and body, send additional hidden requests to same server. This vulnerability impacts software that uses httplib2 with uri constructed by string concatenation, as opposed to proper urllib building with escaping. This has been fixed in 0.18.0.

Aliases

alias	CVE-2020-11078

alias	GHSA-gg84-qgv9-w4pq

alias	PYSEC-2020-46

Fixed_packages

url pkg:pypi/httplib2@0.18.0

purl pkg:pypi/httplib2@0.18.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-v8bw-2ukf-bbfg

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/httplib2@0.18.0

Affected_packages

url pkg:pypi/httplib2@0.7.0

purl pkg:pypi/httplib2@0.7.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-92cy-sw95-63fb

vulnerability	VCID-eem4-2qxa-ufbk

vulnerability	VCID-v8bw-2ukf-bbfg

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/httplib2@0.7.0

url pkg:pypi/httplib2@0.7.1

purl pkg:pypi/httplib2@0.7.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-92cy-sw95-63fb

vulnerability	VCID-eem4-2qxa-ufbk

vulnerability	VCID-v8bw-2ukf-bbfg

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/httplib2@0.7.1

url pkg:pypi/httplib2@0.7.2

purl pkg:pypi/httplib2@0.7.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-92cy-sw95-63fb

vulnerability	VCID-eem4-2qxa-ufbk

vulnerability	VCID-v8bw-2ukf-bbfg

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/httplib2@0.7.2

url pkg:pypi/httplib2@0.7.3

purl pkg:pypi/httplib2@0.7.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-92cy-sw95-63fb

vulnerability	VCID-eem4-2qxa-ufbk

vulnerability	VCID-v8bw-2ukf-bbfg

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/httplib2@0.7.3

url pkg:pypi/httplib2@0.7.4

purl pkg:pypi/httplib2@0.7.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-92cy-sw95-63fb

vulnerability	VCID-eem4-2qxa-ufbk

vulnerability	VCID-v8bw-2ukf-bbfg

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/httplib2@0.7.4

url pkg:pypi/httplib2@0.7.5

purl pkg:pypi/httplib2@0.7.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-92cy-sw95-63fb

vulnerability	VCID-eem4-2qxa-ufbk

vulnerability	VCID-v8bw-2ukf-bbfg

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/httplib2@0.7.5

url pkg:pypi/httplib2@0.7.6

purl pkg:pypi/httplib2@0.7.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-92cy-sw95-63fb

vulnerability	VCID-eem4-2qxa-ufbk

vulnerability	VCID-v8bw-2ukf-bbfg

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/httplib2@0.7.6

url pkg:pypi/httplib2@0.7.7

purl pkg:pypi/httplib2@0.7.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-92cy-sw95-63fb

vulnerability	VCID-eem4-2qxa-ufbk

vulnerability	VCID-v8bw-2ukf-bbfg

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/httplib2@0.7.7

url pkg:pypi/httplib2@0.8

purl pkg:pypi/httplib2@0.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-92cy-sw95-63fb

vulnerability	VCID-eem4-2qxa-ufbk

vulnerability	VCID-v8bw-2ukf-bbfg

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/httplib2@0.8

url pkg:pypi/httplib2@0.9

purl pkg:pypi/httplib2@0.9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-92cy-sw95-63fb

vulnerability	VCID-v8bw-2ukf-bbfg

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/httplib2@0.9

url pkg:pypi/httplib2@0.9.1

purl pkg:pypi/httplib2@0.9.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-92cy-sw95-63fb

vulnerability	VCID-v8bw-2ukf-bbfg

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/httplib2@0.9.1

url pkg:pypi/httplib2@0.9.2

purl pkg:pypi/httplib2@0.9.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-92cy-sw95-63fb

vulnerability	VCID-v8bw-2ukf-bbfg

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/httplib2@0.9.2

url pkg:pypi/httplib2@0.10.3

purl pkg:pypi/httplib2@0.10.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-92cy-sw95-63fb

vulnerability	VCID-v8bw-2ukf-bbfg

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/httplib2@0.10.3

url pkg:pypi/httplib2@0.11.0

purl pkg:pypi/httplib2@0.11.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-92cy-sw95-63fb

vulnerability	VCID-v8bw-2ukf-bbfg

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/httplib2@0.11.0

url pkg:pypi/httplib2@0.11.1

purl pkg:pypi/httplib2@0.11.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-92cy-sw95-63fb

vulnerability	VCID-v8bw-2ukf-bbfg

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/httplib2@0.11.1

url pkg:pypi/httplib2@0.11.3

purl pkg:pypi/httplib2@0.11.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-92cy-sw95-63fb

vulnerability	VCID-v8bw-2ukf-bbfg

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/httplib2@0.11.3

url pkg:pypi/httplib2@0.12.0

purl pkg:pypi/httplib2@0.12.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-92cy-sw95-63fb

vulnerability	VCID-v8bw-2ukf-bbfg

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/httplib2@0.12.0

url pkg:pypi/httplib2@0.12.1

purl pkg:pypi/httplib2@0.12.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-92cy-sw95-63fb

vulnerability	VCID-v8bw-2ukf-bbfg

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/httplib2@0.12.1

url pkg:pypi/httplib2@0.12.3

purl pkg:pypi/httplib2@0.12.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-92cy-sw95-63fb

vulnerability	VCID-v8bw-2ukf-bbfg

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/httplib2@0.12.3

url pkg:pypi/httplib2@0.13.0

purl pkg:pypi/httplib2@0.13.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-92cy-sw95-63fb

vulnerability	VCID-v8bw-2ukf-bbfg

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/httplib2@0.13.0

url pkg:pypi/httplib2@0.13.1

purl pkg:pypi/httplib2@0.13.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-92cy-sw95-63fb

vulnerability	VCID-v8bw-2ukf-bbfg

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/httplib2@0.13.1

url pkg:pypi/httplib2@0.14.0

purl pkg:pypi/httplib2@0.14.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-92cy-sw95-63fb

vulnerability	VCID-v8bw-2ukf-bbfg

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/httplib2@0.14.0

url pkg:pypi/httplib2@0.15.0

purl pkg:pypi/httplib2@0.15.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-92cy-sw95-63fb

vulnerability	VCID-v8bw-2ukf-bbfg

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/httplib2@0.15.0

url pkg:pypi/httplib2@0.16.0

purl pkg:pypi/httplib2@0.16.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-92cy-sw95-63fb

vulnerability	VCID-v8bw-2ukf-bbfg

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/httplib2@0.16.0

url pkg:pypi/httplib2@0.17.0

purl pkg:pypi/httplib2@0.17.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-92cy-sw95-63fb

vulnerability	VCID-v8bw-2ukf-bbfg

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/httplib2@0.17.0

url pkg:pypi/httplib2@0.17.1

purl pkg:pypi/httplib2@0.17.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-92cy-sw95-63fb

vulnerability	VCID-v8bw-2ukf-bbfg

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/httplib2@0.17.1

url pkg:pypi/httplib2@0.17.2

purl pkg:pypi/httplib2@0.17.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-92cy-sw95-63fb

vulnerability	VCID-v8bw-2ukf-bbfg

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/httplib2@0.17.2

url pkg:pypi/httplib2@0.17.3

purl pkg:pypi/httplib2@0.17.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-92cy-sw95-63fb

vulnerability	VCID-v8bw-2ukf-bbfg

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/httplib2@0.17.3

url pkg:pypi/httplib2@0.17.4

purl pkg:pypi/httplib2@0.17.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-92cy-sw95-63fb

vulnerability	VCID-v8bw-2ukf-bbfg

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/httplib2@0.17.4

References

reference_url	https://github.com/httplib2/httplib2/commit/a1457cc31f3206cf691d11d2bf34e98865873e9e
reference_id
reference_type
scores
url	https://github.com/httplib2/httplib2/commit/a1457cc31f3206cf691d11d2bf34e98865873e9e

reference_url	https://github.com/httplib2/httplib2/security/advisories/GHSA-gg84-qgv9-w4pq
reference_id
reference_type
scores
url	https://github.com/httplib2/httplib2/security/advisories/GHSA-gg84-qgv9-w4pq

reference_url	https://lists.apache.org/thread.html/r23711190c2e98152cb6f216b95090d5eeb978543bb7e0bad22ce47fc@%3Cissues.beam.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r23711190c2e98152cb6f216b95090d5eeb978543bb7e0bad22ce47fc@%3Cissues.beam.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r4d35dac106fab979f0db75a07fc4e320ad848b722103e79667ff99e1@%3Cissues.beam.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r4d35dac106fab979f0db75a07fc4e320ad848b722103e79667ff99e1@%3Cissues.beam.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r69a462e690b5f2c3d418a288a2c98ae764d58587bd0b5d6ab141f25f@%3Cissues.beam.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r69a462e690b5f2c3d418a288a2c98ae764d58587bd0b5d6ab141f25f@%3Cissues.beam.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r7f364000066748299b331b615ba51c62f55ab5b201ddce9a22d98202@%3Cissues.beam.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r7f364000066748299b331b615ba51c62f55ab5b201ddce9a22d98202@%3Cissues.beam.apache.org%3E

reference_url	https://lists.apache.org/thread.html/rad8872fc99f670958c2774e2bf84ee32a3a0562a0c787465cf3dfa23@%3Cissues.beam.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/rad8872fc99f670958c2774e2bf84ee32a3a0562a0c787465cf3dfa23@%3Cissues.beam.apache.org%3E

reference_url	https://lists.apache.org/thread.html/rc9eff9572946142b657c900fe63ea4bbd3535911e8d4ce4d08fe4b89@%3Ccommits.allura.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/rc9eff9572946142b657c900fe63ea4bbd3535911e8d4ce4d08fe4b89@%3Ccommits.allura.apache.org%3E

reference_url	https://lists.debian.org/debian-lts-announce/2020/06/msg00000.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2020/06/msg00000.html

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXCX2AWROGWGY5GXR7VN3BKF34A2FO6J/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXCX2AWROGWGY5GXR7VN3BKF34A2FO6J/

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PZJ3D6JSM7CFZESZZKGUW2VX55BOSOXI/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PZJ3D6JSM7CFZESZZKGUW2VX55BOSOXI/

Weaknesses

Exploits

Severity_range_score null

Exploitability null

Weighted_severity null

Risk_score null

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-92cy-sw95-63fb

Vulnerability Instance