VulnerableCode Package Details - pkg:pypi/httplib2@0.7.1

Search for packages

Vulnerability	Summary	Fixed by
VCID-92cy-sw95-63fb Aliases: CVE-2020-11078 GHSA-gg84-qgv9-w4pq PYSEC-2020-46	In httplib2 before version 0.18.0, an attacker controlling unescaped part of uri for `httplib2.Http.request()` could change request headers and body, send additional hidden requests to same server. This vulnerability impacts software that uses httplib2 with uri constructed by string concatenation, as opposed to proper urllib building with escaping. This has been fixed in 0.18.0.	0.18.0 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-eem4-2qxa-ufbk Aliases: CVE-2013-2037 GHSA-q48q-77qv-cf9p PYSEC-2014-81	httplib2 0.7.2, 0.8, and earlier, after an initial connection is made, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.	0.9 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 0.10.1 Affected by 0 other vulnerabilities.
VCID-v8bw-2ukf-bbfg Aliases: CVE-2021-21240 GHSA-93xj-8mrv-444m PYSEC-2021-16	httplib2 is a comprehensive HTTP client library for Python. In httplib2 before version 0.19.0, a malicious server which responds with long series of "\xa0" characters in the "www-authenticate" header may cause Denial of Service (CPU burn while parsing header) of the httplib2 client accessing said server. This is fixed in version 0.19.0 which contains a new implementation of auth headers parsing using the pyparsing library.	0.19.0 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-92cy-sw95-63fb
Aliases:
CVE-2020-11078
GHSA-gg84-qgv9-w4pq
PYSEC-2020-46

In httplib2 before version 0.18.0, an attacker controlling unescaped part of uri for `httplib2.Http.request()` could change request headers and body, send additional hidden requests to same server. This vulnerability impacts software that uses httplib2 with uri constructed by string concatenation, as opposed to proper urllib building with escaping. This has been fixed in 0.18.0.

0.18.0
Affected by 1 other vulnerability.

VCID-eem4-2qxa-ufbk
Aliases:
CVE-2013-2037
GHSA-q48q-77qv-cf9p
PYSEC-2014-81

httplib2 0.7.2, 0.8, and earlier, after an initial connection is made, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

0.9
Affected by 2 other vulnerabilities.

0.10.1
Affected by 0 other vulnerabilities.

VCID-v8bw-2ukf-bbfg
Aliases:
CVE-2021-21240
GHSA-93xj-8mrv-444m
PYSEC-2021-16

httplib2 is a comprehensive HTTP client library for Python. In httplib2 before version 0.19.0, a malicious server which responds with long series of "\xa0" characters in the "www-authenticate" header may cause Denial of Service (CPU burn while parsing header) of the httplib2 client accessing said server. This is fixed in version 0.19.0 which contains a new implementation of auth headers parsing using the pyparsing library.

0.19.0
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-02T04:08:20.835435+00:00	Pypa Importer	Affected by	VCID-v8bw-2ukf-bbfg	https://github.com/pypa/advisory-database/blob/main/vulns/httplib2/PYSEC-2021-16.yaml	38.6.0
2026-06-02T04:06:37.382559+00:00	Pypa Importer	Affected by	VCID-92cy-sw95-63fb	https://github.com/pypa/advisory-database/blob/main/vulns/httplib2/PYSEC-2020-46.yaml	38.6.0
2026-06-02T04:03:23.095352+00:00	Pypa Importer	Affected by	VCID-eem4-2qxa-ufbk	https://github.com/pypa/advisory-database/blob/main/vulns/httplib2/PYSEC-2014-81.yaml	38.6.0