Incorrect Comparison
CVE-2021-3116
Summary
before_upstream_connection in AuthPlugin in http/proxy/auth.py in proxy.py before 2.3.1 accepts incorrect Proxy-Authorization header data because of a boolean confusion (and versus or).
- LOW
- NETWORK
- HIGH
- UNCHANGED
- NONE
- NONE
- NONE
- NONE
CWE-697 - Incorrect Comparison
The software compares two entities in a security-relevant context, but the comparison is incorrect, which may lead to resultant weaknesses.
References
Advisory Timeline
- Published