Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2020-11078

In httplib2 before version 0.18.0, an attacker controlling unescaped part of uri for `httplib2.Http.request()` could change request headers and body, send additional hidden requests to same server. This vulnerability impacts software that uses httplib2 with uri constructed by string concatenation, as opposed to proper urllib building with escaping. This has been fixed in 0.18.0.

See the

CVE page on Mitre.org for more details.

References

CONFIRM: https://github.com/htt...
MISC: https://github.com/htt...
MLIST: [allura-commits] 20200...
MLIST: [debian-lts-announce] ...
MLIST: [beam-issues] 20200602...
FEDORA: FEDORA-2020-a7a15a9687
FEDORA: FEDORA-2020-37779a5c93
MLIST: [beam-issues] 20200802...
MLIST: [beam-issues] 20200802...
MLIST: [beam-issues] 20200816...
MLIST: [beam-issues] 20200816...

Launchpad.net

CVE 2020-11078

Related bugs

References