httplib2@0.11.3 vulnerabilities

A comprehensive HTTP client library.

Known vulnerabilities in the httplib2 package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Vulnerability	Vulnerable Version
H Regular Expression Denial of Service (ReDoS) httplib2 is a small HTTP client library for Python. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS). A malicious server which responds with long series of `\xa0` characters in the `www-authenticate` header, may cause a CPU burn while parsing the header of the `httplib2` client accessing server. How to fix Regular Expression Denial of Service (ReDoS)? Upgrade `httplib2` to version 0.19.0 or higher.	[0,0.19.0)
H CRLF Injection httplib2 is a small HTTP client library for Python. Affected versions of this package are vulnerable to CRLF Injection. It allows `%xx` quote of space, CR, LF characters in the URI. How to fix CRLF Injection? Upgrade `httplib2` to version 0.18.0 or higher.	[,0.18.0)
M CRLF Injection httplib2 is a small HTTP client library for Python. Affected versions of this package are vulnerable to CRLF Injection. An attacker controlling an unescaped part of uri for `httplib2.Http.request()` could change request headers and body, send additional hidden requests to same server. This vulnerability impacts software that uses `httplib2` with `uri` constructed by string concatenation, as opposed to proper `urllib` building with escaping. How to fix CRLF Injection? Upgrade `httplib2` to version 0.18.0 or higher.	[,0.18.0)