Description
before_upstream_connection in AuthPlugin in http/proxy/auth.py in proxy.py before 2.3.1 accepts incorrect Proxy-Authorization header data because of a boolean confusion (and versus or).
References (3)
Core 3
Core References
Exploit, Third Party Advisory x_refsource_misc
https://cardaci.xyz/advisories/2021/01/10/proxy.py-2.3.0-broken-basic-authentication/
Patch x_refsource_misc
https://github.com/abhinavsingh/proxy.py/pull/482/commits/9b00093288237f5073c403f2c4f62acfdfa8ed46
Product x_refsource_misc
https://pypi.org/project/proxy.py/2.3.1/#history
Scores
CVSS v3
7.5
EPSS
0.0167
EPSS Percentile
73.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-697
Status
published
Products (2)
proxy.py_project/proxy.py
< 2.3.1
pypi/proxy.py
0 - 2.3.1PyPI
Published
Jan 11, 2021
Tracked Since
Feb 18, 2026