VulnerableCode Package Details - pkg:pypi/httplib2@0.9.1

Search for packages

Vulnerability	Summary	Fixed by
VCID-dmwq-v4jy-2qbu Aliases: CVE-2021-21240 GHSA-93xj-8mrv-444m PYSEC-2021-16	denial of service	0.19.0 Affected by 0 other vulnerabilities.
VCID-vcup-gzng-8bhc Aliases: CVE-2020-11078 GHSA-gg84-qgv9-w4pq PYSEC-2020-46	In httplib2 before version 0.18.0, an attacker controlling unescaped part of uri for `httplib2.Http.request()` could change request headers and body, send additional hidden requests to same server. This vulnerability impacts software that uses httplib2 with uri constructed by string concatenation, as opposed to proper urllib building with escaping. This has been fixed in 0.18.0.	0.18.0 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-vxe2-m4u8-duf9 Aliases: CVE-2013-2037 GHSA-q48q-77qv-cf9p PYSEC-2014-81	httplib2 0.7.2, 0.8, and earlier, after an initial connection is made, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.	0.10.1 Affected by 0 other vulnerabilities. 0.10.3 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-dmwq-v4jy-2qbu
Aliases:
CVE-2021-21240
GHSA-93xj-8mrv-444m
PYSEC-2021-16

denial of service

0.19.0
Affected by 0 other vulnerabilities.

VCID-vcup-gzng-8bhc
Aliases:
CVE-2020-11078
GHSA-gg84-qgv9-w4pq
PYSEC-2020-46

In httplib2 before version 0.18.0, an attacker controlling unescaped part of uri for `httplib2.Http.request()` could change request headers and body, send additional hidden requests to same server. This vulnerability impacts software that uses httplib2 with uri constructed by string concatenation, as opposed to proper urllib building with escaping. This has been fixed in 0.18.0.

0.18.0
Affected by 1 other vulnerability.

VCID-vxe2-m4u8-duf9
Aliases:
CVE-2013-2037
GHSA-q48q-77qv-cf9p
PYSEC-2014-81

httplib2 0.7.2, 0.8, and earlier, after an initial connection is made, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

0.10.1
Affected by 0 other vulnerabilities.

0.10.3
Affected by 2 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-01T06:42:27.816327+00:00	GitLab Importer	Affected by	VCID-vxe2-m4u8-duf9	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/httplib2/CVE-2013-2037.yml	38.6.0
2026-06-01T06:02:20.830380+00:00	GitLab Importer	Affected by	VCID-dmwq-v4jy-2qbu	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/httplib2/CVE-2021-21240.yml	38.6.0
2026-06-01T05:47:29.171561+00:00	GitLab Importer	Affected by	VCID-vcup-gzng-8bhc	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/httplib2/CVE-2020-11078.yml	38.6.0
2026-05-31T09:39:05.055726+00:00	PyPI Importer	Affected by	VCID-dmwq-v4jy-2qbu	https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip	38.6.0
2026-05-31T09:38:08.258554+00:00	PyPI Importer	Affected by	VCID-vcup-gzng-8bhc	https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip	38.6.0
2026-05-30T20:21:03.784399+00:00	Pypa Importer	Affected by	VCID-dmwq-v4jy-2qbu	https://github.com/pypa/advisory-database/blob/main/vulns/httplib2/PYSEC-2021-16.yaml	38.6.0
2026-05-30T20:19:17.627870+00:00	Pypa Importer	Affected by	VCID-vcup-gzng-8bhc	https://github.com/pypa/advisory-database/blob/main/vulns/httplib2/PYSEC-2020-46.yaml	38.6.0