Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/httplib2@0.9.1
Type pypi
Namespace
Name httplib2
Version 0.9.1
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 0.10.1
Latest_non_vulnerable_version 0.19.0
Affected_by_vulnerabilities
0
url VCID-92cy-sw95-63fb
vulnerability_id VCID-92cy-sw95-63fb
summary In httplib2 before version 0.18.0, an attacker controlling unescaped part of uri for `httplib2.Http.request()` could change request headers and body, send additional hidden requests to same server. This vulnerability impacts software that uses httplib2 with uri constructed by string concatenation, as opposed to proper urllib building with escaping. This has been fixed in 0.18.0.
references
0
reference_url https://github.com/httplib2/httplib2/commit/a1457cc31f3206cf691d11d2bf34e98865873e9e
reference_id
reference_type
scores
url https://github.com/httplib2/httplib2/commit/a1457cc31f3206cf691d11d2bf34e98865873e9e
1
reference_url https://github.com/httplib2/httplib2/security/advisories/GHSA-gg84-qgv9-w4pq
reference_id
reference_type
scores
url https://github.com/httplib2/httplib2/security/advisories/GHSA-gg84-qgv9-w4pq
2
reference_url https://lists.apache.org/thread.html/r23711190c2e98152cb6f216b95090d5eeb978543bb7e0bad22ce47fc@%3Cissues.beam.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/r23711190c2e98152cb6f216b95090d5eeb978543bb7e0bad22ce47fc@%3Cissues.beam.apache.org%3E
3
reference_url https://lists.apache.org/thread.html/r4d35dac106fab979f0db75a07fc4e320ad848b722103e79667ff99e1@%3Cissues.beam.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/r4d35dac106fab979f0db75a07fc4e320ad848b722103e79667ff99e1@%3Cissues.beam.apache.org%3E
4
reference_url https://lists.apache.org/thread.html/r69a462e690b5f2c3d418a288a2c98ae764d58587bd0b5d6ab141f25f@%3Cissues.beam.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/r69a462e690b5f2c3d418a288a2c98ae764d58587bd0b5d6ab141f25f@%3Cissues.beam.apache.org%3E
5
reference_url https://lists.apache.org/thread.html/r7f364000066748299b331b615ba51c62f55ab5b201ddce9a22d98202@%3Cissues.beam.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/r7f364000066748299b331b615ba51c62f55ab5b201ddce9a22d98202@%3Cissues.beam.apache.org%3E
6
reference_url https://lists.apache.org/thread.html/rad8872fc99f670958c2774e2bf84ee32a3a0562a0c787465cf3dfa23@%3Cissues.beam.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/rad8872fc99f670958c2774e2bf84ee32a3a0562a0c787465cf3dfa23@%3Cissues.beam.apache.org%3E
7
reference_url https://lists.apache.org/thread.html/rc9eff9572946142b657c900fe63ea4bbd3535911e8d4ce4d08fe4b89@%3Ccommits.allura.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/rc9eff9572946142b657c900fe63ea4bbd3535911e8d4ce4d08fe4b89@%3Ccommits.allura.apache.org%3E
8
reference_url https://lists.debian.org/debian-lts-announce/2020/06/msg00000.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2020/06/msg00000.html
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXCX2AWROGWGY5GXR7VN3BKF34A2FO6J/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXCX2AWROGWGY5GXR7VN3BKF34A2FO6J/
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PZJ3D6JSM7CFZESZZKGUW2VX55BOSOXI/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PZJ3D6JSM7CFZESZZKGUW2VX55BOSOXI/
fixed_packages
0
url pkg:pypi/httplib2@0.18.0
purl pkg:pypi/httplib2@0.18.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-v8bw-2ukf-bbfg
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/httplib2@0.18.0
aliases CVE-2020-11078, GHSA-gg84-qgv9-w4pq, PYSEC-2020-46
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-92cy-sw95-63fb
1
url VCID-v8bw-2ukf-bbfg
vulnerability_id VCID-v8bw-2ukf-bbfg
summary httplib2 is a comprehensive HTTP client library for Python. In httplib2 before version 0.19.0, a malicious server which responds with long series of "\xa0" characters in the "www-authenticate" header may cause Denial of Service (CPU burn while parsing header) of the httplib2 client accessing said server. This is fixed in version 0.19.0 which contains a new implementation of auth headers parsing using the pyparsing library.
references
0
reference_url https://github.com/httplib2/httplib2/commit/bd9ee252c8f099608019709e22c0d705e98d26bc
reference_id
reference_type
scores
url https://github.com/httplib2/httplib2/commit/bd9ee252c8f099608019709e22c0d705e98d26bc
1
reference_url https://github.com/httplib2/httplib2/pull/182
reference_id
reference_type
scores
url https://github.com/httplib2/httplib2/pull/182
2
reference_url https://github.com/httplib2/httplib2/security/advisories/GHSA-93xj-8mrv-444m
reference_id
reference_type
scores
url https://github.com/httplib2/httplib2/security/advisories/GHSA-93xj-8mrv-444m
3
reference_url https://pypi.org/project/httplib2
reference_id
reference_type
scores
url https://pypi.org/project/httplib2
fixed_packages
0
url pkg:pypi/httplib2@0.19.0
purl pkg:pypi/httplib2@0.19.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/httplib2@0.19.0
aliases CVE-2021-21240, GHSA-93xj-8mrv-444m, PYSEC-2021-16
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v8bw-2ukf-bbfg
Fixing_vulnerabilities
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/httplib2@0.9.1