CVE-2021-21240

Uncontrolled Resource Consumption in pypi/httplib2

Identifiers

CVE-2021-21240, GHSA-93xj-8mrv-444m

Package Slug

pypi/httplib2

Vulnerability

Uncontrolled Resource Consumption

Description

httplib2 is a comprehensive HTTP client library for Python. In httplib2, a malicious server that responds with a long series of "\xa0" characters in the "www-authenticate" header may cause a denial of service (CPU burn while parsing the header) in the httplib2 client accessing that server.

Affected Versions

All versions before 0.19.0

Solution

Upgrade to version 0.19.0 or above.
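
To find where the upgrade is still needed, the following added example (not part of the advisory or of httplib2) flags httplib2 pins below 0.19.0 in requirements-style lines and checks the installed copy. The function names and the sample lines are assumptions made for illustration.

```python
import re
from importlib import metadata

FIXED = (0, 19)  # 0.19.0 with trailing zeros stripped: first fixed release per the advisory
PRE = re.compile(r"[.\-_]?(a|b|c|rc|alpha|beta|pre|preview|dev)", re.I)
# The lookahead keeps other distributions (e.g. httplib2shim) from matching.
REQ = re.compile(r"httplib2(?![A-Za-z0-9._-])\s*(?:\[[^\]]*\])?\s*(.*)", re.I)

def is_affected(version):
    """True if the version is older than 0.19.0 (pre-releases of 0.19.0 count as older)."""
    m = re.match(r"v?(\d+(?:\.\d+)*)(.*)", version.strip())
    if not m:
        raise ValueError(f"unparseable version: {version!r}")
    release = [int(p) for p in m.group(1).split(".")]
    while release and release[-1] == 0:
        release.pop()  # so 0.19 and 0.19.0 compare equal
    release = tuple(release)
    return release < FIXED or (release == FIXED and bool(PRE.match(m.group(2))))

def scan_requirements(lines):
    """Return (line_number, verdict) per httplib2 entry.
    Verdicts: 'affected', 'ok', or 'unpinned' (range or bare name: resolve it to judge)."""
    findings = []
    for number, raw in enumerate(lines, start=1):
        # Drop comments and environment markers before matching.
        entry = raw.split("#", 1)[0].split(";", 1)[0].strip()
        m = REQ.fullmatch(entry)
        if not m:
            continue
        pin = re.match(r"===?\s*([^\s,]+)", m.group(1))
        if not pin:
            findings.append((number, "unpinned"))
        else:
            findings.append((number, "affected" if is_affected(pin.group(1)) else "ok"))
    return findings

def installed_is_affected():
    """Verdict for the httplib2 installed in this environment; None if it is absent."""
    try:
        return is_affected(metadata.version("httplib2"))
    except metadata.PackageNotFoundError:
        return None

# Constructed sample input, not taken from any real project.
SAMPLE = ["requests==2.25.1", "httplib2==0.18.1  # old pin", "httplib2shim==2.0.0",
          "httplib2>=0.17", "HTTPLIB2 == 0.19.0 ; python_version >= '3.6'"]

if __name__ == "__main__":
    print(scan_requirements(SAMPLE), installed_is_affected())
```

An 'unpinned' verdict means the file alone cannot decide; check the resolved version in the lock file or the installed environment.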

Last Modified

2021-02-15
