DEBIAN-CVE-2020-11078

DEBIAN-CVE-2020-11078 PUBLISHED CVSS 6.800000190734863 MEDIUM

In httplib2 before version 0.18.0, an attacker controlling unescaped part of uri for `httplib2.Http.request()` could change request headers and body, send additional hidden requests to same server. This vulnerability impacts software that uses httplib2 with uri constructed by string concatenation, as opposed to proper urllib building with escaping. This has been fixed in 0.18.0.

Risk Scores

CVSS v3.1

6.800000190734863

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N

Affected Products

Vendor	Product	Versions
Debian	python-httplib2
Debian:11	python-httplib2	0, 0, 0
Debian:12	python-httplib2	0, 0, 0
Debian:14	python-httplib2	0, 0, 0
Debian:13	python-httplib2	0, 0, 0

Timeline

May 20, 2020 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2020-11078 advisory

Open in Interactive Console →