18 matches found
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-httplib2 (UTSA-2026-017469)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017469 advisory. httplib2 is a comprehensive HTTP client library for Python. In httplib2 before version 0.19.0, a malicious server which responds with long series of \xa0 characters ...
EUVD-2021-0098
Malware in sbrugna...
EUVD-2020-0085
Malware in sbrugna...
SUSE CVE-2013-2037
httplib2 0.7.2, 0.8, and earlier, after an initial connection is made, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary...
SUSE CVE-2020-11078
In httplib2 before version 0.18.0, an attacker controlling unescaped part of uri for httplib2.Http.request could change request headers and body, send additional hidden requests to same server. This vulnerability impacts software that uses httplib2 with uri constructed by string concatenation, as...
ROS-20220210-03
A vulnerability in the HTTP client library httplib2 is related to the fact that the application does not properly control the consumption of internal resources. Exploitation of the vulnerability could allow an attacker, acting remotely, to cause resource exhaustion by...
SUSE-SU-2021:1806-1 Security update for python-httplib2
This update for python-httplib2 fixes the following issues: - Update to version 0.19.0 (bsc#1182053). - CVE-2021-21240: Fixed regular expression denial of service via malicious header (bsc#1182053). - CVE-2020-11078: Fixed unescaped part of uri where an attacker could change request headers and body...
DEBIAN-CVE-2021-21240
httplib2 is a comprehensive HTTP client library for Python. In httplib2 before version 0.19.0, a malicious server which responds with long series of "\xa0" characters in the "www-authenticate" header may cause Denial of Service (CPU burn while parsing header) of the httplib2 client accessing said...
amundsen-databuilder (>=2.6.0 <=3.1.0rc0), amundsen-databuilder-azure (=2.6.5) +84 more potentially affected by CVE-2021-21240 via httplib2 (>=0.10.3 <=0.18.1)
httplib2 PYPI version =0.10.3, =2.6.0, =0.1.0, =0.1.0, =0.0.22, =0.7.1, =0.4.0, =0.0.0, =0.0.1, =3.40.0, =0.0.4, =0.1.1, =0.3.0 and more Source cves: CVE-2021-21240 Source advisory: OSV:PYSEC-2021-16...
amundsen-databuilder (>=2.6.0 <=3.1.0rc0), amundsen-databuilder-azure (=2.6.5) +84 more potentially affected by CVE-2021-21240 via httplib2 (>=0.10.3 <=0.18.1)
httplib2 PYPI version =0.10.3, =2.6.0, =0.1.0, =0.1.0, =0.0.22, =0.7.1, =0.4.0, =0.0.0, =0.0.1, =3.40.0, =0.0.4, =0.1.1, =0.3.0 and more Source cves: CVE-2021-21240 Source advisory: OSV:GHSA-93XJ-8MRV-444M...
httplib2 Resource Management Error Vulnerability
httplib2 is an HTTP client library. A security vulnerability in httplib2 versions prior to 0.19.0, which stems from a response to the long string of \xa0 characters in the www-authenticate header, could cause a denial of service when an httplib2 client accesses the server...
httplib2 injection vulnerability
httplib2 is an HTTP client library. An injection vulnerability exists in httplib2 versions prior to 0.18.0. An attacker can exploit the vulnerability by changing the request header and body via the unescaped portion of a controlled uri for httplib2.Http.request and sending other hidden requests to th...
CVE-2020-11078
In httplib2 before version 0.18.0, an attacker controlling unescaped part of uri for httplib2.Http.request could change request headers and body, send additional hidden requests to same server. This vulnerability impacts software that uses httplib2 with uri constructed by string concatenation, as...
UBUNTU-CVE-2020-11078
In httplib2 before version 0.18.0, an attacker controlling unescaped part of uri for httplib2.Http.request could change request headers and body, send additional hidden requests to same server. This vulnerability impacts software that uses httplib2 with uri constructed by string concatenation, as...
anews (>=0.1.0 <=1.30.0), arquants (>=0.0.22 <=0.0.27) +61 more potentially affected by CVE-2020-11078 via httplib2 (>=0.10.3 <=0.17.3)
httplib2 PYPI version =0.10.3, =0.1.0, =0.0.22, =0.7.1, =0.0.0, =0.0.1, =3.40.0, =0.0.3, =0.5.0, =2.0.0, =0.1.2, =0.8.2, =0.8.6 and more Source cves: CVE-2020-11078 Source advisory: OSV:PYSEC-2020-46...
anews (>=0.1.0 <=1.30.0), arquants (>=0.0.22 <=0.0.27) +61 more potentially affected by CVE-2020-11078 via httplib2 (>=0.10.3 <=0.17.3)
httplib2 PYPI version =0.10.3, =0.1.0, =0.0.22, =0.7.1, =0.0.0, =0.0.1, =3.40.0, =0.0.3, =0.5.0, =2.0.0, =0.1.2, =0.8.2, =0.8.6 and more Source cves: CVE-2020-11078 Source advisory: OSV:GHSA-GG84-QGV9-W4PQ...
PT-2020-6928 · Pypi +4 · Httplib2 +4
Name of the Vulnerable Software and Affected Versions: httplib2 versions prior to 0.18.0 Description: The issue is related to the httplib2 library's failure to neutralize CRLF sequences, allowing a remote attacker to impact data integrity. In httplib2 before version 0.18.0, an attacker controllin...
CVE-2013-2037
httplib2 0.7.2, 0.8, and earlier, after an initial connection is made, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary...