PYSEC-2021-46

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/proxy-py/PYSEC-2021-46.yaml

JSON Data

https://api.osv.dev/v1/vulns/PYSEC-2021-46

Aliases

CVE-2021-3116
GHSA-cmc7-mfmr-xqrx

Published

2021-01-11T05:15:00Z

Modified

2023-11-08T04:05:47.192874Z

Summary

[none]

Details

beforeupstreamconnection in AuthPlugin in http/proxy/auth.py in proxy.py before 2.3.1 accepts incorrect Proxy-Authorization header data because of a boolean confusion (and versus or).

References

https://pypi.org/project/proxy.py/2.3.1/#history
https://cardaci.xyz/advisories/2021/01/10/proxy.py-2.3.0-broken-basic-authentication/
https://github.com/abhinavsingh/proxy.py/pull/482/commits/9b00093288237f5073c403f2c4f62acfdfa8ed46
https://github.com/advisories/GHSA-cmc7-mfmr-xqrx

Affected packages

PyPI / proxy-py

Package

Name: proxy-py; View open source insights on deps.dev
Purl: pkg:pypi/proxy-py

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.3.1

Affected versions

0.*

0.1

0.2

0.3

1.*

1.0.0

1.1.0

1.1.1

2.*

2.0.0

2.1.1

2.1.2

2.2.0

Database specific

source

"https://github.com/pypa/advisory-database/blob/main/vulns/proxy-py/PYSEC-2021-46.yaml"