Skip to main content

Httplib2

4 CVEs product

Monthly

CVE-2026-59939 PyPI HIGH POC PATCH This Week

Denial of service in the httplib2 Python HTTP client library (all versions prior to 0.32.0) lets a malicious or compromised HTTP server crash the client by returning a small gzip- or deflate-compressed response body that expands without bound during automatic decompression, exhausting memory and triggering a MemoryError or OS OOM-kill. Any application that uses httplib2 to fetch content from untrusted or attacker-controllable endpoints is affected. No public exploit identified at time of analysis; EPSS not provided, but the class is trivially demonstrable and the fix is a one-line-scope behavioral change shipped in 0.32.0.

Python Information Disclosure Httplib2
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.3%
CVE-2021-21240 PyPI HIGH POC PATCH This Week

httplib2 is a comprehensive HTTP client library for Python. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Denial Of Service Httplib2
NVD GitHub
CVSS 3.1
7.5
EPSS
3.9%
CVE-2020-11078 PyPI MEDIUM PATCH This Month

In httplib2 before version 0.18.0, an attacker controlling unescaped part of uri for `httplib2.Http.request()` could change request headers and body, send additional hidden requests to same server. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Httplib2 Fedora Debian Linux
NVD GitHub
CVSS 3.1
6.8
EPSS
2.6%
CVE-2013-2037 PyPI LOW POC PATCH Monitor

httplib2 0.7.2, 0.8, and earlier, after an initial connection is made, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable. Public exploit code available.

Information Disclosure Ubuntu Linux Httplib2
NVD
CVSS 2.0
2.6
EPSS
0.5%
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

Denial of service in the httplib2 Python HTTP client library (all versions prior to 0.32.0) lets a malicious or compromised HTTP server crash the client by returning a small gzip- or deflate-compressed response body that expands without bound during automatic decompression, exhausting memory and triggering a MemoryError or OS OOM-kill. Any application that uses httplib2 to fetch content from untrusted or attacker-controllable endpoints is affected. No public exploit identified at time of analysis; EPSS not provided, but the class is trivially demonstrable and the fix is a one-line-scope behavioral change shipped in 0.32.0.

Python Information Disclosure Httplib2
NVD GitHub VulDB
EPSS 4% CVSS 7.5
HIGH POC PATCH This Week

httplib2 is a comprehensive HTTP client library for Python. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Denial Of Service Httplib2
NVD GitHub
EPSS 3% CVSS 6.8
MEDIUM PATCH This Month

In httplib2 before version 0.18.0, an attacker controlling unescaped part of uri for `httplib2.Http.request()` could change request headers and body, send additional hidden requests to same server. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Httplib2 Fedora +1
NVD GitHub
EPSS 0% CVSS 2.6
LOW POC PATCH Monitor

httplib2 0.7.2, 0.8, and earlier, after an initial connection is made, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable. Public exploit code available.

Information Disclosure Ubuntu Linux Httplib2
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy