Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Regular Expression Denial of Service in httplib2
Vulnerability Description
httplib2 is a comprehensive HTTP client library for Python. In httplib2 before version 0.19.0, a malicious server which responds with long series of "\xa0" characters in the "www-authenticate" header may cause Denial of Service (CPU burn while parsing header) of the httplib2 client accessing said server. This is fixed in version 0.19.0 which contains a new implementation of auth headers parsing using the pyparsing library.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
未加控制的资源消耗(资源穷尽)
Vulnerability Title
httplib2 资源管理错误漏洞
Vulnerability Description
httplib2是一款HTTP客户端库。 httplib2 0.19.0之前的版本中存在安全漏洞,该漏洞源于在 www-authenticate 报头中响应长串 xa0 字符可能会导致httpplib2客户端访问该服务器时拒绝服务。
CVSS Information
N/A
Vulnerability Type
N/A