Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
448
VMScore

CVE-2021-21240

Published: 08/02/2021 Updated: 12/02/2021
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 448
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

httplib2 is a comprehensive HTTP client library for Python. In httplib2 before version 0.19.0, a malicious server which responds with long series of "\xa0" characters in the "www-authenticate" header may cause Denial of Service (CPU burn while parsing header) of the httplib2 client accessing said server. This is fixed in version 0.19.0 which contains a new implementation of auth headers parsing using the pyparsing library.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

httplib2 project httplib2

Vendor Advisories

Debian CVElist Bug Report Logs: python-httplib2: CVE-2021-21240
Debian Bug report logs - #982738 python-httplib2: CVE-2021-21240 Package: src:python-httplib2; Maintainer for src:python-httplib2 is Debian Python Team <team+python@trackerdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sat, 13 Feb 2021 18:45:02 UTC Severity: important Tags: security, upstre ...
Arch Linux Issues:
In python-httplib2 before version 0190, a malicious server which responds with long series of "\xa0" characters in the "www-authenticate" header may cause Denial of Service (CPU burn while parsing header) of the httplib2 client accessing said server This is fixed in version 0190 which contains a new implementation of auth headers parsing using ...

Github Repositories

https://github.com/krishna-commits/trivy

Documentation Scanner for vulnerabilities in container images, file systems, and Git repositories, as well as for configuration issues Abstract Trivy (tri pronounced like trigger, vy pronounced like envy) is a simple and comprehensive scanner for vulnerabilities in container images, file systems, and Git repositories, as well as for configuration issues Trivy detects

https://github.com/ANTONYOH/midterm_trivy

Documentation Scanner for vulnerabilities in container images, file systems, and Git repositories, as well as for configuration issues Abstract Trivy (tri pronounced like trigger, vy pronounced like envy) is a simple and comprehensive scanner for vulnerabilities in container images, file systems, and Git repositories, as well as for configuration issues Trivy detects

https://github.com/renovate-bot/khulnasoft-lab-_-vulx

Documentation Scanner for vulnerabilities in container images, file systems, and Git repositories, as well as for configuration issues Abstract Vul (tri pronounced like trigger, vy pronounced like envy) is a simple and comprehensive scanner for vulnerabilities in container images, file systems, and Git repositories, as well as for configuration issues Vul detects vul

https://github.com/krishna-commits/trivy-test

Documentation Scanner for vulnerabilities in container images, file systems, and Git repositories, as well as for configuration issues Abstract Trivy (tri pronounced like trigger, vy pronounced like envy) is a simple and comprehensive scanner for vulnerabilities in container images, file systems, and Git repositories, as well as for configuration issues Trivy detects

https://github.com/rafavinnce/trivy_0.27.1

Documentation Scanner for vulnerabilities in container images, file systems, and Git repositories, as well as for configuration issues Abstract Trivy (tri pronounced like trigger, vy pronounced like envy) is a simple and comprehensive scanner for vulnerabilities in container images, file systems, and Git repositories, as well as for configuration issues Trivy detects

https://github.com/immydestiny/trivy-file

Documentation Scanner for vulnerabilities in container images, file systems, and Git repositories, as well as for configuration issues Abstract Trivy (tri pronounced like trigger, vy pronounced like envy) is a simple and comprehensive scanner for vulnerabilities in container images, file systems, and Git repositories, as well as for configuration issues Trivy detects

https://github.com/fhirfactory/pegacorn-scanner-trivy

Scanner for vulnerabilities in container images, file systems, and Git repositories, as well as for configuration issues

Documentation Scanner for vulnerabilities in container images, file systems, and Git repositories, as well as for configuration issues Abstract Trivy (tri pronounced like trigger, vy pronounced like envy) is a simple and comprehensive scanner for vulnerabilities in container images, file systems, and Git repositories, as well as for configuration issues Trivy detects

https://github.com/candrapw/trivy

Documentation Scanner for vulnerabilities in container images, file systems, and Git repositories, as well as for configuration issues Abstract Trivy (tri pronounced like trigger, vy pronounced like envy) is a simple and comprehensive scanner for vulnerabilities in container images, file systems, and Git repositories, as well as for configuration issues Trivy detects

https://github.com/georgearce24/aquasecurity-trivy

Documentation Scanner for vulnerabilities in container images, file systems, and Git repositories, as well as for configuration issues Abstract Trivy (tri pronounced like trigger, vy pronounced like envy) is a simple and comprehensive scanner for vulnerabilities in container images, file systems, and Git repositories, as well as for configuration issues Trivy detects

References

CWE-400https://github.com/httplib2/httplib2/commit/bd9ee252c8f099608019709e22c0d705e98d26bchttps://github.com/httplib2/httplib2/pull/182https://github.com/httplib2/httplib2/security/advisories/GHSA-93xj-8mrv-444mhttps://pypi.org/project/httplib2https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982738https://nvd.nist.govhttps://github.com/fhirfactory/pegacorn-scanner-trivyhttps://security.archlinux.org/CVE-2021-21240
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-30310CVE-2024-21683CVE-2024-22187chromedeserializationXPath injectionCVE-2024-27842denial of serviceCVE-2024-24851googleCVE-2024-35400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook