blabla1337/skf-flask

Vulnerabilities: 3 (via 16 paths)

Dependencies: 71

Source: GitHub

Commit: 74c41d16


high severity

CRLF Injection

  • Vulnerable module: httplib2
  • Introduced through: httplib2@0.17.0, google-auth-httplib2@0.0.3 and others

Detailed paths

  • Introduced through: blabla1337/skf-flask@blabla1337/skf-flask#74c41d16966b759dd0fdf7e0b2ecd4627816562c > httplib2@0.17.0
    Remediation: Upgrade to httplib2@0.18.0.
  • Introduced through: blabla1337/skf-flask@blabla1337/skf-flask#74c41d16966b759dd0fdf7e0b2ecd4627816562c > google-auth-httplib2@0.0.3 > httplib2@0.17.0
  • Introduced through: blabla1337/skf-flask@blabla1337/skf-flask#74c41d16966b759dd0fdf7e0b2ecd4627816562c > google-api-python-client@1.7.11 > httplib2@0.17.0
  • Introduced through: blabla1337/skf-flask@blabla1337/skf-flask#74c41d16966b759dd0fdf7e0b2ecd4627816562c > oauth2client@4.1.3 > httplib2@0.17.0
  • Introduced through: blabla1337/skf-flask@blabla1337/skf-flask#74c41d16966b759dd0fdf7e0b2ecd4627816562c > google-api-python-client@1.7.11 > google-auth-httplib2@0.0.3 > httplib2@0.17.0

Overview

httplib2 is a small HTTP client library for Python.

Affected versions of this package are vulnerable to CRLF Injection. They do not force %xx quoting of space, CR and LF characters in the URI, so those characters pass through unchanged into the request line; version 0.18.0 adds the forced quoting.

Remediation

Upgrade httplib2 to version 0.18.0 or higher.

medium severity

Access Restriction Bypass

  • Vulnerable module: rsa
  • Introduced through: rsa@4.0, google-auth@1.11.0 and others

Detailed paths

  • Introduced through: blabla1337/skf-flask@blabla1337/skf-flask#74c41d16966b759dd0fdf7e0b2ecd4627816562c > rsa@4.0
    Remediation: Upgrade to rsa@4.1.
  • Introduced through: blabla1337/skf-flask@blabla1337/skf-flask#74c41d16966b759dd0fdf7e0b2ecd4627816562c > google-auth@1.11.0 > rsa@4.0
  • Introduced through: blabla1337/skf-flask@blabla1337/skf-flask#74c41d16966b759dd0fdf7e0b2ecd4627816562c > oauth2client@4.1.3 > rsa@4.0
  • Introduced through: blabla1337/skf-flask@blabla1337/skf-flask#74c41d16966b759dd0fdf7e0b2ecd4627816562c > google-auth-httplib2@0.0.3 > google-auth@1.11.0 > rsa@4.0
  • Introduced through: blabla1337/skf-flask@blabla1337/skf-flask#74c41d16966b759dd0fdf7e0b2ecd4627816562c > google-api-python-client@1.7.11 > google-auth@1.11.0 > rsa@4.0
  • Introduced through: blabla1337/skf-flask@blabla1337/skf-flask#74c41d16966b759dd0fdf7e0b2ecd4627816562c > google-api-python-client@1.7.11 > google-auth-httplib2@0.0.3 > google-auth@1.11.0 > rsa@4.0

Overview

rsa is a pure-Python RSA implementation.

Affected versions of this package are vulnerable to Access Restriction Bypass. During PKCS1_v1_5 decryption the library does not detect that the ciphertext has been modified: "0" bytes prepended to the ciphertext are silently ignored, so the altered ciphertext still decrypts as if it were the original instead of being rejected for having the wrong length.

Remediation

Upgrade rsa to version 4.1 or higher.
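The following is an added, self-contained illustration of the behaviour described above; it is not the rsa package's code. It implements a toy PKCS#1 v1.5 encrypt/decrypt with a hard-coded key built from two Mersenne primes (an assumption made so the example runs offline; a real key uses large random primes), and shows a decrypt that converts the ciphertext to an integer and therefore accepts prepended zero bytes, beside a decrypt that first checks the ciphertext is exactly one modulus in length, which is the kind of check the 4.1 remediation introduces.

```python
"""Constructed example: PKCS#1 v1.5 decryption that ignores prepended 0x00 bytes
versus one that rejects them. Not the rsa package's own code."""
import os

# Hard-coded toy key (assumption for an offline demo): two Mersenne primes.
P = (1 << 61) - 1
Q = (1 << 89) - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))          # Python 3.8+ modular inverse
K = (N.bit_length() + 7) // 8               # modulus size in bytes (19 here)


def _pad(message: bytes) -> bytes:
    """PKCS#1 v1.5 type 2 padding: 00 02 <random non-zero PS, >= 8 bytes> 00 M."""
    if len(message) > K - 11:
        raise OverflowError("message too long for this modulus")
    ps_len = K - len(message) - 3
    ps = b""
    while len(ps) < ps_len:                 # padding string must contain no 0x00
        ps += bytes(b for b in os.urandom(ps_len - len(ps)) if b != 0)
    return b"\x00\x02" + ps + b"\x00" + message


def encrypt(message: bytes) -> bytes:
    m = int.from_bytes(_pad(message), "big")
    return pow(m, E, N).to_bytes(K, "big")


def _unpad(block: bytes) -> bytes:
    if block[:2] != b"\x00\x02":
        raise ValueError("Decryption failed")
    sep = block.find(b"\x00", 2)
    if sep < 10:                            # 2 header bytes + at least 8 PS bytes
        raise ValueError("Decryption failed")
    return block[sep + 1:]


def decrypt_vulnerable(ciphertext: bytes) -> bytes:
    """bytes -> int -> bytes discards the ciphertext's length, so any number of
    leading 0x00 bytes is accepted without complaint (the pre-4.1 behaviour)."""
    c = int.from_bytes(ciphertext, "big")
    return _unpad(pow(c, D, N).to_bytes(K, "big"))


def decrypt_fixed(ciphertext: bytes) -> bytes:
    """Reject anything that is not exactly one modulus in length before decrypting."""
    if len(ciphertext) != K:
        raise ValueError("Decryption failed")
    return decrypt_vulnerable(ciphertext)


def demo(message: bytes = b"secret") -> dict:
    """Run both decrypts against an unmodified and a zero-prefixed ciphertext."""
    ct = encrypt(message)
    tampered = b"\x00\x00" + ct
    result = {
        "vulnerable_accepts_tampered": decrypt_vulnerable(tampered) == message,
        "fixed_accepts_original": decrypt_fixed(ct) == message,
    }
    try:
        decrypt_fixed(tampered)
        result["fixed_rejects_tampered"] = False
    except ValueError:
        result["fixed_rejects_tampered"] = True
    return result


if __name__ == "__main__":
    print(demo())
```

The length check is cheap and is the right place to catch this: once the ciphertext has been turned into an integer, the information that it was the wrong size is gone.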

medium severity

CRLF Injection

  • Vulnerable module: httplib2
  • Introduced through: httplib2@0.17.0, google-auth-httplib2@0.0.3 and others

Detailed paths

  • Introduced through: blabla1337/skf-flask@blabla1337/skf-flask#74c41d16966b759dd0fdf7e0b2ecd4627816562c > httplib2@0.17.0
    Remediation: Upgrade to httplib2@0.18.0.
  • Introduced through: blabla1337/skf-flask@blabla1337/skf-flask#74c41d16966b759dd0fdf7e0b2ecd4627816562c > google-auth-httplib2@0.0.3 > httplib2@0.17.0
  • Introduced through: blabla1337/skf-flask@blabla1337/skf-flask#74c41d16966b759dd0fdf7e0b2ecd4627816562c > google-api-python-client@1.7.11 > httplib2@0.17.0
  • Introduced through: blabla1337/skf-flask@blabla1337/skf-flask#74c41d16966b759dd0fdf7e0b2ecd4627816562c > oauth2client@4.1.3 > httplib2@0.17.0
  • Introduced through: blabla1337/skf-flask@blabla1337/skf-flask#74c41d16966b759dd0fdf7e0b2ecd4627816562c > google-api-python-client@1.7.11 > google-auth-httplib2@0.0.3 > httplib2@0.17.0

Overview

httplib2 is a small HTTP client library for Python.

Affected versions of this package are vulnerable to CRLF Injection. An attacker who controls an unescaped part of the uri passed to httplib2.Http.request() can inject CR/LF sequences to change the request headers and body, and to send additional hidden requests to the same server. This affects software that calls httplib2 with a uri built by string concatenation, rather than one properly assembled and escaped with urllib.

Remediation

Upgrade httplib2 to version 0.18.0 or higher.
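The following added example illustrates both httplib2 findings above (the missing %xx quoting and the resulting header/request injection); it is constructed for this page and is not httplib2's or the project's code. To run offline it renders the request bytes locally, the way a client that passes CR/LF through unquoted would put them on the wire, rather than calling httplib2; the host name, path and payload are made up.

```python
"""Constructed example: a URI built by string concatenation lets an attacker
smuggle a second request; percent-encoding the component prevents it.
The request rendering below stands in for a client that does not quote CR/LF."""
from urllib.parse import quote

BASE = "http://api.example.test"                      # assumed host
# Constructed attacker-controlled value: closes the request line, supplies a
# Host header and an empty line, then starts a second request.
PAYLOAD = "42 HTTP/1.1\r\nHost: api.example.test\r\n\r\nGET /admin/delete-all"


def build_uri_unsafe(base: str, user_id: str) -> str:
    """Vulnerable pattern: untrusted value concatenated straight into the path."""
    return f"{base}/users/{user_id}"


def build_uri_safe(base: str, user_id: str) -> str:
    """Hardened pattern: percent-encode the component (CR -> %0D, LF -> %0A,
    space -> %20) before it is joined into the URI."""
    return f"{base}/users/{quote(user_id, safe='')}"


def render_request(uri: str, host: str = "api.example.test") -> bytes:
    """Render request line + headers without quoting anything, i.e. the pre-0.18.0
    behaviour this page describes. Plain string splitting is used on purpose:
    urllib.parse would strip the CR/LF and hide the problem."""
    path = uri.split(host, 1)[1] or "/"
    return f"GET {path} HTTP/1.1\r\nHost: {host}\r\n\r\n".encode()


def count_requests(raw: bytes) -> int:
    """How many request lines a server parsing this byte stream would see."""
    return sum(1 for line in raw.split(b"\r\n") if line.startswith((b"GET ", b"POST ")))


def assert_no_crlf(uri: str) -> str:
    """Defensive check to run on any URI before handing it to an HTTP client."""
    if "\r" in uri or "\n" in uri:
        raise ValueError("CR/LF characters in URI")
    return uri


def demo() -> dict:
    unsafe = build_uri_unsafe(BASE, PAYLOAD)
    safe = build_uri_safe(BASE, PAYLOAD)
    return {
        "unsafe_requests_seen": count_requests(render_request(unsafe)),  # 2
        "safe_requests_seen": count_requests(render_request(safe)),      # 1
        "safe_uri_encodes_crlf": "%0D%0A" in safe,
    }


if __name__ == "__main__":
    print(demo())
```

Upgrading httplib2 removes the transport-level hole, but the application-side fix is independent of the library: never concatenate untrusted input into a URI, encode each component, and reject CR/LF before the request is built.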
