{"id":"PYSEC-2021-46","details":"before_upstream_connection in AuthPlugin in http/proxy/auth.py in proxy.py before 2.3.1 accepts incorrect Proxy-Authorization header data because of a boolean confusion (and versus or).","aliases":["CVE-2021-3116","GHSA-cmc7-mfmr-xqrx"],"modified":"2023-11-08T04:05:47.192874Z","published":"2021-01-11T05:15:00Z","references":[{"type":"PACKAGE","url":"https://pypi.org/project/proxy.py/2.3.1/#history"},{"type":"ADVISORY","url":"https://cardaci.xyz/advisories/2021/01/10/proxy.py-2.3.0-broken-basic-authentication/"},{"type":"WEB","url":"https://github.com/abhinavsingh/proxy.py/pull/482/commits/9b00093288237f5073c403f2c4f62acfdfa8ed46"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-cmc7-mfmr-xqrx"}],"affected":[{"package":{"name":"proxy-py","ecosystem":"PyPI","purl":"pkg:pypi/proxy-py"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.3.1"}]}],"versions":["0.1","0.2","0.3","1.0.0","1.1.0","1.1.1","2.0.0","2.1.1","2.1.2","2.2.0"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/proxy-py/PYSEC-2021-46.yaml"}}],"schema_version":"1.7.3"}