VYPR

http-client

by GNU

CVEs (1)

  • CVE-2016-6287HigJan 10, 2017
    risk 0.49cvss 7.5epss 0.01

    The "http-client" egg always used a HTTP_PROXY environment variable to determine whether HTTP traffic should be routed via a proxy, even when running as a CGI process. Under several web servers this would mean a user-supplied "Proxy" header could allow an attacker to direct all…