before_upstream_connection in AuthPlugin in http/proxy/auth.py in proxy.py before 2.3.1 accepts incorrect Proxy-Authorization header data because of a boolean confusion (and versus or).
References
Link | Resource |
---|---|
https://cardaci.xyz/advisories/2021/01/10/proxy.py-2.3.0-broken-basic-authentication/ | Exploit Third Party Advisory |
https://github.com/abhinavsingh/proxy.py/pull/482/commits/9b00093288237f5073c403f2c4f62acfdfa8ed46 | Patch |
https://pypi.org/project/proxy.py/2.3.1/#history | Product |
Configurations
History
15 Feb 2024, 21:40
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-697 | |
References | () https://github.com/abhinavsingh/proxy.py/pull/482/commits/9b00093288237f5073c403f2c4f62acfdfa8ed46 - Patch | |
References | () https://pypi.org/project/proxy.py/2.3.1/#history - Product |
14 Jan 2021, 15:09
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:proxy.py_project:proxy.py:*:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 7.5 |
CWE | NVD-CWE-noinfo | |
References | (MISC) https://github.com/abhinavsingh/proxy.py/pull/482/commits/9b00093288237f5073c403f2c4f62acfdfa8ed46 - Patch, Third Party Advisory | |
References | (MISC) https://cardaci.xyz/advisories/2021/01/10/proxy.py-2.3.0-broken-basic-authentication/ - Exploit, Third Party Advisory | |
References | (MISC) https://pypi.org/project/proxy.py/2.3.1/#history - Product, Third Party Advisory |
11 Jan 2021, 05:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-01-11 05:15
Updated : 2024-02-15 21:40
NVD link : CVE-2021-3116
Mitre link : CVE-2021-3116
CVE.ORG link : CVE-2021-3116
JSON object : View
Products Affected
proxy.py_project
- proxy.py
CWE
CWE-697
Incorrect Comparison