Vulnerability Details CVE-2021-3116
before_upstream_connection in AuthPlugin in http/proxy/auth.py in proxy.py before 2.3.1 accepts incorrect Proxy-Authorization header data because of a boolean confusion (and versus or).
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 60.6%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- https://cardaci.xyz/advisories/2021/01/10/proxy.py-2.3.0-broken-basic-authentication/
- https://github.com/abhinavsingh/proxy.py/pull/482/commits/9b00093288237f5073c403f2c4f62acfdfa8ed46
- https://pypi.org/project/proxy.py/2.3.1/#history
- https://cardaci.xyz/advisories/2021/01/10/proxy.py-2.3.0-broken-basic-authentication/
- https://github.com/abhinavsingh/proxy.py/pull/482/commits/9b00093288237f5073c403f2c4f62acfdfa8ed46
- https://pypi.org/project/proxy.py/2.3.1/#history
Products affected by CVE-2021-3116
-
cpe:2.3:a:proxy.py_project:proxy.py:0.1
-
cpe:2.3:a:proxy.py_project:proxy.py:0.2
-
cpe:2.3:a:proxy.py_project:proxy.py:0.3
-
cpe:2.3:a:proxy.py_project:proxy.py:1.0.0
-
cpe:2.3:a:proxy.py_project:proxy.py:1.1.0
-
cpe:2.3:a:proxy.py_project:proxy.py:1.1.1
-
cpe:2.3:a:proxy.py_project:proxy.py:2.0.0
-
cpe:2.3:a:proxy.py_project:proxy.py:2.1.1
-
cpe:2.3:a:proxy.py_project:proxy.py:2.1.2
-
cpe:2.3:a:proxy.py_project:proxy.py:2.2.0