CVEs-PoC/2021/CVE-2021-21240.md

### [CVE-2021-21240](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21240)
![](https://img.shields.io/static/v1?label=Product&message=httplib2&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3C%200.19.0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-400%20Uncontrolled%20Resource%20Consumption&color=brightgreen)

### Description

httplib2 is a comprehensive HTTP client library for Python. In httplib2 before version 0.19.0, a malicious server which responds with long series of "\xa0" characters in the "www-authenticate" header may cause Denial of Service (CPU burn while parsing header) of the httplib2 client accessing said server. This is fixed in version 0.19.0 which contains a new implementation of auth headers parsing using the pyparsing library.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/11notes/docker-github-runner
- https://github.com/ANTONYOH/midterm_trivy
- https://github.com/McLaouth/trivi
- https://github.com/ankitv1504/TaskManage-ci-cd
- https://github.com/aquasecurity/trivy
- https://github.com/candrapw/trivy
- https://github.com/doyensec/regexploit
- https://github.com/fhirfactory/pegacorn-scanner-trivy
- https://github.com/georgearce24/aquasecurity-trivy
- https://github.com/immydestiny/trivy-file
- https://github.com/justPray/1122
- https://github.com/kaisenlinux/trivy
- https://github.com/khulnasoft-lab/vulx
- https://github.com/krishna-commits/trivy
- https://github.com/krishna-commits/trivy-test
- https://github.com/rafavinnce/trivy_0.27.1
- https://github.com/renovate-bot/khulnasoft-lab-_-vulx
- https://github.com/retr0-13/regexploit