2 matches found
CVE-2020-11078
CVE-2020-11078 affects httplib2 prior to 0.18.0. An attacker controlling an unescaped portion of the URI in httplib2.Http.request() could alter request headers and body and send hidden requests to the same server. The issue occurs when URIs are built by string concatenation rather than proper esc...
CVE-2021-21240
CVE-2021-21240 affects httplib2 prior to 0.19.0. A malicious server can send a WWW-Authenticate header containing a long sequence of non-breaking spaces (\xa0), causing a Denial of Service by CPU-intensive header parsing. The root cause is in how httplib2 parses auth headers; a fix was implemente...