CVE-2020-11078

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-11078

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-11078.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2020-11078

Aliases

Downstream

DEBIAN-CVE-2020-11078

DLA-2232-1

RHSA-2020:4605

RHSA-2020:5003

RHSA-2020:5004

RHSA-2021:2116

SUSE-SU-2021:1637-1

SUSE-SU-2021:1779-1

SUSE-SU-2021:1806-1

SUSE-SU-2021:1807-1

SUSE-SU-2021:1808-1

UBUNTU-CVE-2020-11078

openSUSE-SU-2021:0772-1

openSUSE-SU-2021:0796-1

openSUSE-SU-2021:1806-1

openSUSE-SU-2024:11231-1

openSUSE-SU-2024:14141-1

Related

Published

2020-05-20T16:15:10Z

Modified

2025-10-14T17:19:24.418388Z

Severity

6.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N CVSS Calculator

Summary

[none]

Details

In httplib2 before version 0.18.0, an attacker controlling unescaped part of uri for httplib2.Http.request() could change request headers and body, send additional hidden requests to same server. This vulnerability impacts software that uses httplib2 with uri constructed by string concatenation, as opposed to proper urllib building with escaping. This has been fixed in 0.18.0.

References

Affected packages

Git / github.com/httplib2/httplib2

Affected ranges

Type: GIT
Repo: https://github.com/httplib2/httplib2
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

a1457cc31f3206cf691d11d2bf34e98865873e9e

Affected versions

0.*

0.9

0.9.1

0.9.2

v0.*

v0.10.1

v0.10.3

v0.11.0

v0.11.1

v0.11.2

v0.11.3

v0.12.0

v0.12.3

v0.13.0

v0.13.1

v0.14.0

v0.15.0

v0.16.0

v0.17.0

v0.17.1

v0.17.2

v0.17.3

v0.17.4

v0.9

v0.9.1