{"id":"CVE-2021-3116","details":"before_upstream_connection in AuthPlugin in http/proxy/auth.py in proxy.py before 2.3.1 accepts incorrect Proxy-Authorization header data because of a boolean confusion (and versus or).","aliases":["GHSA-cmc7-mfmr-xqrx","PYSEC-2021-46"],"modified":"2026-03-14T10:58:00.378149Z","published":"2021-01-11T05:15:10.987Z","references":[{"type":"FIX","url":"https://github.com/abhinavsingh/proxy.py/pull/482/commits/9b00093288237f5073c403f2c4f62acfdfa8ed46"},{"type":"PACKAGE","url":"https://pypi.org/project/proxy.py/2.3.1/#history"},{"type":"EVIDENCE","url":"https://cardaci.xyz/advisories/2021/01/10/proxy.py-2.3.0-broken-basic-authentication/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/abhinavsingh/proxy.py","events":[{"introduced":"0"},{"fixed":"82d562b7d6b068ea706634f97e6a086f5209df61"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"2.3.1"}]}}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-3116.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}]}