High severityNVD Advisory· Published Jan 11, 2021· Updated Aug 3, 2024
CVE-2021-3116
CVE-2021-3116
Description
before_upstream_connection in AuthPlugin in http/proxy/auth.py in proxy.py before 2.3.1 accepts incorrect Proxy-Authorization header data because of a boolean confusion (and versus or).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
proxy.pyPyPI | < 2.3.1 | 2.3.1 |
Affected products
2- proxy.py/proxy.pydescription
Patches
Vulnerability mechanics
References
9- github.com/advisories/GHSA-cmc7-mfmr-xqrxghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2021-3116ghsaADVISORY
- cardaci.xyz/advisories/2021/01/10/proxy.py-2.3.0-broken-basic-authenticationghsaWEB
- cardaci.xyz/advisories/2021/01/10/proxy.py-2.3.0-broken-basic-authentication/mitrex_refsource_MISC
- github.com/abhinavsingh/proxy.py/commit/bff171ec26d826ae1d22d2466eaf9d8bdbf059d3ghsaWEB
- github.com/abhinavsingh/proxy.py/pull/482ghsaWEB
- github.com/abhinavsingh/proxy.py/pull/482/commits/9b00093288237f5073c403f2c4f62acfdfa8ed46ghsax_refsource_MISCWEB
- github.com/pypa/advisory-database/tree/main/vulns/proxy-py/PYSEC-2021-46.yamlghsaWEB
- pypi.org/project/proxy.py/2.3.1/ghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.