PYSEC-2021-16

Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/httplib2/PYSEC-2021-16.yaml
JSON Data
https://api.test.osv.dev/v1/vulns/PYSEC-2021-16
Aliases
Published
2021-02-08T20:15:00Z
Modified
2023-11-01T04:54:09.559230Z
Summary
[none]
Details

httplib2 is a comprehensive HTTP client library for Python. In httplib2 before version 0.19.0, a malicious server that responds with a long series of "\xa0" characters in the "www-authenticate" header may cause a denial of service (CPU burn while parsing the header) in the httplib2 client accessing that server. This is fixed in version 0.19.0, which contains a new implementation of auth header parsing using the pyparsing library.

References

Affected packages

PyPI / httplib2

Package

Affected ranges

Type
GIT
Repo
https://github.com/httplib2/httplib2
Events
Introduced
0 (unknown introduced commit; all previous commits are affected)
Fixed
Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
0.19.0

Affected versions

0.*

0.7.0
0.7.1
0.7.2
0.7.3
0.7.4
0.7.5
0.7.6
0.7.7
0.8
0.9
0.9.1
0.9.2
0.10.3
0.11.0
0.11.1
0.11.3
0.12.0
0.12.1
0.12.3
0.13.0
0.13.1
0.14.0
0.15.0
0.16.0
0.17.0
0.17.1
0.17.2
0.17.3
0.17.4
0.18.0
0.18.1