正文

httplib2 注入漏洞

admin
admin V管理员 /0 评论 /9 阅读
0224
此篇文章发布距今已超过1175天,您需要注意文章的内容或图片是否可用!

漏洞信息详情

httplib2 注入漏洞

  • CNNVD编号:CNNVD-202005-1097
    • <!--
  • 危害等级: 中危-->
  • 危害等级: 中危
  • CVE编号: CVE-2020-11078
  • 漏洞类型: 注入
  • 发布时间: 2020-05-20
  • 威胁类型: 远程
  • 更新时间: 2021-06-02
  • 厂        商:
  • 漏洞来源: Red Hat

漏洞简介

httplib2是一款HTTP客户端库。

httplib2 0.18.0之前版本中存在注入漏洞。攻击者可通过控制的uri(httplib2.Http.request())未转义部分利用该漏洞更改请求标头和正文,并将其他隐藏请求发送到同一服务器。

漏洞公告

目前厂商已发布升级补丁以修复漏洞,补丁获取链接:

https://github.com/httplib2/httplib2/security/advisories/GHSA-gg84-qgv9-w4pq

参考网址

来源:MLIST

链接:https://lists.apache.org/thread.html/r4d35dac106fab979f0db75a07fc4e320ad848b722103e79667ff99e1@%3Cissues.beam.apache.org%3E

来源:MLIST

链接:https://lists.apache.org/thread.html/r23711190c2e98152cb6f216b95090d5eeb978543bb7e0bad22ce47fc@%3Cissues.beam.apache.org%3E

来源:httplib2

链接:httplib2/security/advisories/GHSA-gg84-qgv9-w4pq

来源:CONFIRM

链接:https://github.com/

来源:FEDORA

链接:https://lists.fedoraproject.org/archives/list/[email protected]/message/IXCX2AWROGWGY5GXR7VN3BKF34A2FO6J/

来源:MLIST

链接:https://lists.apache.org/thread.html/r69a462e690b5f2c3d418a288a2c98ae764d58587bd0b5d6ab141f25f@%3Cissues.beam.apache.org%3E

来源:FEDORA

链接:https://lists.fedoraproject.org/archives/list/[email protected]/message/PZJ3D6JSM7CFZESZZKGUW2VX55BOSOXI/

来源:MLIST

链接:https://lists.apache.org/thread.html/r7f364000066748299b331b615ba51c62f55ab5b201ddce9a22d98202@%3Cissues.beam.apache.org%3E

来源:MLIST

链接:https://lists.apache.org/thread.html/rc9eff9572946142b657c900fe63ea4bbd3535911e8d4ce4d08fe4b89@%3Ccommits.allura.apache.org%3E

来源:httplib2

链接:httplib2/commit/a1457cc31f3206cf691d11d2bf34e98865873e9e

来源:MLIST

链接:https://lists.debian.org/debian-lts-announce/2020/06/msg00000.html

来源:MLIST

链接:https://lists.apache.org/thread.html/rad8872fc99f670958c2774e2bf84ee32a3a0562a0c787465cf3dfa23@%3Cissues.beam.apache.org%3E

来源:packetstormsecurity.com

链接:https://packetstormsecurity.com/files/159993/Red-Hat-Security-Advisory-2020-5003-01.html

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2020.1906/

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2020.3857/

来源:httplib2-request-tampering-32378

链接:httplib2-request-tampering-32378

来源:vigilance.fr

链接:https://vigilance.fr/vulnerability/Python-

来源:www.nsfocus.net

链接:http://www.nsfocus.net/vulndb/48220

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2021.1749

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2021.1825

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2021.1858

来源:packetstormsecurity.com

链接:https://packetstormsecurity.com/files/159873/Red-Hat-Security-Advisory-2020-4605-01.html

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2020.3984/

来源:packetstormsecurity.com

链接:https://packetstormsecurity.com/files/162814/Red-Hat-Security-Advisory-2021-2116-01.html

来源:nvd.nist.gov

链接:https://nvd.nist.gov/vuln/detail/CVE-2020-11078

受影响实体

    暂无


补丁

  • httplib2 注入漏洞的修复措施
    <!--
    2020-5-20
    -->