Vulnerability Details : CVE-2021-41945
Encode OSS httpx < 0.23.0 is affected by improper input validation in `httpx.URL`, `httpx.Client` and some functions using `httpx.URL.copy_with`.
Vulnerability category: Input validation
Products affected by CVE-2021-41945
- cpe:2.3:a:encode:httpx:*:*:*:*:*:python:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-41945
- 0.17%: Probability of exploitation activity in the next 30 days
- ~54%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2021-41945
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.4 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:P/A:N | 10.0 | 4.9 | NIST | |
9.1 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N | 3.9 | 5.2 | NIST | |
9.1 | CRITICAL | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N | N/A | N/A | Oracle:CPUOct2023 | |
CWE ids for CVE-2021-41945
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2021-41945
- http://encode.com
  Encode | Security Analytics & Response Orchestration (Vendor Advisory)
- https://github.com/encode/httpx/issues/2184
  Some URL can make httpx use URL with wrong info · Issue #2184 · encode/httpx · GitHub (Exploit; Issue Tracking; Third Party Advisory)
- https://github.com/encode/httpx/discussions/1831
  Potential security issue by abuse the URL object · Discussion #1831 · encode/httpx · GitHub (Exploit; Issue Tracking; Third Party Advisory)
- https://github.com/encode/httpx/releases/tag/0.23.0
  Release Version 0.23.0 · encode/httpx · GitHub (Release Notes; Third Party Advisory)
- https://gist.github.com/lebr0nli/4edb76bbd3b5ff993cf44f2fbce5e571
  httpx PoC · GitHub (Exploit; Third Party Advisory)
- https://github.com/encode/httpx
  GitHub - encode/httpx: A next generation HTTP client for Python. 🦋 (Product; Third Party Advisory)