CVE-2020-11078

CVE-2020-11078 affects httplib2 prior to 0.18.0. An attacker controlling an unescaped portion of the URI in httplib2.Http.request() could alter request headers and body and send hidden requests to the same server. The issue occurs when URIs are built by string concatenation rather than proper esc...

CVE-2021-21240

CVE-2021-21240 affects httplib2 prior to 0.19.0. A malicious server can send a WWW-Authenticate header containing a long sequence of non-breaking spaces (\xa0), causing a Denial of Service by CPU-intensive header parsing. The root cause is in how httplib2 parses auth headers; a fix was implemente...

CVE-2013-2037

CVE-2013-2037 affects the Python HTTP client library httplib2 versions up to 0.7.2/0.8 and earlier. Root cause: after the initial connection, the client does not verify that the server hostname matches the CN or subjectAltName in the server's X.509 certificate, enabling MITM via an arbitrary vali...