PT-2020-6928 · Pypi+4 · Httplib2+4

Published 2020-05-20 · Updated 2024-07-12 · CVE-2020-11078

CVSS v2.0 7.1 High

Vector AV:N/AC:M/Au:N/C:N/I:C/A:N
Name of the Vulnerable Software and Affected Versions httplib2 versions prior to 0.18.0
Description The issue is related to the httplib2 library's failure to neutralize CRLF sequences, allowing a remote attacker to impact data integrity. In httplib2 before version 0.18.0, an attacker controlling an unescaped part of a URI for httplib2.Http.request() could change request headers and body, and send additional hidden requests to the same server. This affects software that uses httplib2 with a URI constructed by string concatenation, rather than proper urllib building with escaping.
Recommendations For versions prior to 0.18.0, update to version 0.18.0 or later, where the issue has been fixed by quoting Space, CR, LF characters before any use. As a temporary workaround, consider creating URIs with urllib.parse family functions, such as urlencode and urlunsplit, to properly escape user input.
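The workaround above (build the URI with urllib.parse instead of concatenating user input) as an added example; this is not code from the advisory or from httplib2, and the function names, host and sample inputs are constructed for illustration. It also shows the pre-request check a defender can run to confirm that no raw CR, LF or space survived into the URI.

```python
"""Added example (not httplib2's or the advisory's code): assemble a request URI
from untrusted parts with urllib.parse so CR, LF and space are percent-encoded
before the URI reaches an HTTP client. Names and sample inputs are constructed."""
from urllib.parse import quote, urlencode, urlunsplit

# The characters httplib2 >= 0.18.0 quotes before use; a URI that still carries
# them raw is the shape of input the unfixed versions mishandled.
UNSAFE_CHARS = ("\r", "\n", " ")


def build_uri(scheme, host, path_parts, query=None):
    """Build a URI, percent-encoding each untrusted component.

    scheme/host are assumed to come from configuration, not from the user.
    path_parts: user-supplied path segments, each encoded on its own so a '/'
                inside a segment cannot create a new path level.
    query:      dict of query parameters, encoded by urlencode.
    """
    # safe='' makes quote() encode '/' as well, so one segment stays one segment.
    path = "/" + "/".join(quote(str(p), safe="") for p in path_parts)
    qs = urlencode(query or {})
    return urlunsplit((scheme, host, path, qs, ""))


def naive_uri(base, user_input):
    """The pattern the advisory warns about: plain string concatenation."""
    return base + user_input


def has_raw_unsafe_chars(uri):
    """Pre-request check: True if CR, LF or space survive unencoded in the URI."""
    return any(c in uri for c in UNSAFE_CHARS)


if __name__ == "__main__":
    # Constructed sample input containing a CRLF sequence.
    tainted = "report\r\nmore"
    bad = naive_uri("http://example.invalid/api/", tainted)
    good = build_uri("http", "example.invalid", ["api", tainted], {"q": "a b"})
    print(repr(bad))   # raw CR/LF survive in the concatenated URI
    print(good)        # http://example.invalid/api/report%0D%0Amore?q=a+b
    print(has_raw_unsafe_chars(bad), has_raw_unsafe_chars(good))  # True False
```

`has_raw_unsafe_chars` is a cheap guard to place in front of `httplib2.Http.request()` on hosts that cannot yet move to 0.18.0; the builder is the permanent fix, since it never lets the unsafe characters into the request line in the first place.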

Fix

Weakness Enumeration Special Elements Injection

Related Identifiers

BDU:2023-07617
CESA-2020_4605
CESA-2020_5003
CESA-2020_5004
CVE-2020-11078
DLA-2232-1
GHSA-GG84-QGV9-W4PQ
MGASA-2020-0269
OPENSUSE-SU-2021:0772-1
OPENSUSE-SU-2021:0796-1
OPENSUSE-SU-2021:1806-1
OPENSUSE-SU-2021_0772-1
OPENSUSE-SU-2021_1806-1
OPENSUSE-SU-2024:11231-1
OPENSUSE-SU-2024:14141-1
PYSEC-2020-46
RHSA-2020:4605
RHSA-2020:5003
RHSA-2020:5004
RHSA-2020_4605
RHSA-2020_5003
RHSA-2020_5004
RHSA-2021:2116
SUSE-SU-2021:1637-1
SUSE-SU-2021:1779-1
SUSE-SU-2021:1806-1
SUSE-SU-2021:1807-1
SUSE-SU-2021:1808-1
SUSE-SU-2021_1637-1
SUSE-SU-2021_1806-1
SUSE-SU-2021_1807-1

Affected Products

Astra Linux
Centos
Red Hat
Suse
Httplib2