mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-06 02:31:38 +00:00
1.5 KiB
1.5 KiB
CVE-2021-21240
Description
httplib2 is a comprehensive HTTP client library for Python. In httplib2 before version 0.19.0, a malicious server which responds with long series of "\xa0" characters in the "www-authenticate" header may cause Denial of Service (CPU burn while parsing header) of the httplib2 client accessing said server. This is fixed in version 0.19.0 which contains a new implementation of auth headers parsing using the pyparsing library.
POC
Reference
No PoCs from references.
Github
- https://github.com/ANTONYOH/midterm_trivy
- https://github.com/McLaouth/trivi
- https://github.com/aquasecurity/trivy
- https://github.com/candrapw/trivy
- https://github.com/doyensec/regexploit
- https://github.com/fhirfactory/pegacorn-scanner-trivy
- https://github.com/georgearce24/aquasecurity-trivy
- https://github.com/immydestiny/trivy-file
- https://github.com/justPray/1122
- https://github.com/kaisenlinux/trivy
- https://github.com/khulnasoft-lab/vulx
- https://github.com/krishna-commits/trivy
- https://github.com/krishna-commits/trivy-test
- https://github.com/rafavinnce/trivy_0.27.1
- https://github.com/renovate-bot/khulnasoft-lab-_-vulx
- https://github.com/retr0-13/regexploit