GitHub Advisory DatabaseGHSA-CMC7-MFMR-XQRXLogic error in authentication in proxy.py
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS
Percentile
52.4%
before_upstream_connection in AuthPlugin in http/proxy/auth.py in proxy.py before 2.3.1 accepts incorrect Proxy-Authorization header data because of a boolean confusion (and versus or).
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| proxy.py_project | proxy.py | * | cpe:2.3:a:proxy.py_project:proxy.py:*:*:*:*:*:*:*:* |
References
cardaci.xyz/advisories/2021/01/10/proxy.py-2.3.0-broken-basic-authentication
github.com/abhinavsingh/proxy.py/commit/bff171ec26d826ae1d22d2466eaf9d8bdbf059d3
github.com/abhinavsingh/proxy.py/pull/482
github.com/advisories/GHSA-cmc7-mfmr-xqrx
github.com/pypa/advisory-database/tree/main/vulns/proxy-py/PYSEC-2021-46.yaml
nvd.nist.gov/vuln/detail/CVE-2021-3116
pypi.org/project/proxy.py/2.3.1/#history
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS
Percentile
52.4%