CVE-2021-3116

Опубликовано: 11 янв. 2021

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

before_upstream_connection in AuthPlugin in http/proxy/auth.py in proxy.py before 2.3.1 accepts incorrect Proxy-Authorization header data because of a boolean confusion (and versus or).

Ссылки

https://cardaci.xyz/advisories/2021/01/10/proxy.py-2.3.0-broken-basic-authentication/
Exploit
Third Party Advisory
https://github.com/abhinavsingh/proxy.py/pull/482/commits/9b00093288237f5073c403f2c4f62acfdfa8ed46
Patch
https://pypi.org/project/proxy.py/2.3.1/#history
Product
https://cardaci.xyz/advisories/2021/01/10/proxy.py-2.3.0-broken-basic-authentication/
Exploit
Third Party Advisory
https://github.com/abhinavsingh/proxy.py/pull/482/commits/9b00093288237f5073c403f2c4f62acfdfa8ed46
Patch
https://pypi.org/project/proxy.py/2.3.1/#history
Product

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:proxy.py_project:proxy.py:*:*:*:*:*:*:*:*

Версия до 2.3.1 (исключая)

EPSS

Процентиль: 61%

0.00412

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-697

Связанные уязвимости

GHSA-cmc7-mfmr-xqrx