CVE-2021-41945
Summary
| CVE | CVE-2021-41945 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-04-28 14:15:00 UTC |
| Updated | 2022-10-12 02:40:00 UTC |
| Description | Encode OSS httpx < 0.23.0 is affected by improper input validation in `httpx.URL`, `httpx.Client` and some functions using `httpx.URL.copy_with`. |
Risk And Classification
Problem Types: CWE-20
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Some URL can make httpx use URL with wrong info · Issue #2184 · encode/httpx · GitHub | MISC | github.com | |
| GitHub - encode/httpx: A next generation HTTP client for Python. | MISC | github.com | |
| Potential security issue by abuse the URL object · Discussion #1831 · encode/httpx · GitHub | MISC | github.com | |
| httpx PoC · GitHub | MISC | gist.github.com | |
| Encode | Security Analytics & Response Orchestration | MISC | encode.com | |
| Release Version 0.23.0 · encode/httpx · GitHub | MISC | github.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 182684 Debian Security Update for httpx (CVE-2021-41945)