Vulnerability Description
Encode OSS httpx < 0.23.0 is affected by improper input validation in `httpx.URL`, `httpx.Client` and some functions using `httpx.URL.copy_with`.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Encode | Httpx | < 0.23.0 |
Related Weaknesses (CWE)
References
- http://encode.com (Vendor Advisory)
- https://gist.github.com/lebr0nli/4edb76bbd3b5ff993cf44f2fbce5e571 (Exploit, Third Party Advisory)
- https://github.com/encode/httpx (Product, Third Party Advisory)
- https://github.com/encode/httpx/discussions/1831 (Exploit, Issue Tracking, Third Party Advisory)
- https://github.com/encode/httpx/issues/2184 (Exploit, Issue Tracking, Third Party Advisory)
- https://github.com/encode/httpx/releases/tag/0.23.0 (Release Notes, Third Party Advisory)
FAQ
What is CVE-2021-41945?
CVE-2021-41945 is a vulnerability with a CVSS score of 9.1 (CRITICAL). Encode OSS httpx < 0.23.0 is affected by improper input validation in `httpx.URL`, `httpx.Client` and some functions using `httpx.URL.copy_with`.
How severe is CVE-2021-41945?
CVE-2021-41945 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2021-41945?
Check the references section above for vendor advisories and patch information. Affected products include: Encode Httpx.