GHSA-h8pj-cxx2-jfg2

Source

https://github.com/advisories/GHSA-h8pj-cxx2-jfg2

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/04/GHSA-h8pj-cxx2-jfg2/GHSA-h8pj-cxx2-jfg2.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-h8pj-cxx2-jfg2

Aliases

Published

2022-04-29T00:00:25Z

Modified

2024-09-23T17:09:08.483494Z

Severity

9.1 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVSS Calculator
9.3 (Critical) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N CVSS Calculator

Summary

Improper Input Validation in httpx

Details

Encode OSS httpx <=1.0.0.beta0 is affected by improper input validation in httpx.URL, httpx.Client and some functions using httpx.URL.copy_with.

Database specific

{
    "nvd_published_at": "2022-04-28T14:15:00Z",
    "cwe_ids": [
        "CWE-20"
    ],
    "severity": "CRITICAL",
    "github_reviewed": true,
    "github_reviewed_at": "2022-04-29T22:55:38Z"
}

References

Affected packages

PyPI / httpx

Package

Name: httpx; View open source insights on deps.dev
Purl: pkg:pypi/httpx

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.23.0

Affected versions

0.*

0.0.1

0.6.7

0.6.8

0.7.0

0.7.1

0.7.2

0.7.3

0.7.4

0.7.5

0.7.6

0.7.7

0.7.8

0.8.0

0.9.0

0.9.1

0.9.2

0.9.3

0.9.4

0.9.5

0.10.0

0.10.1

0.11.0

0.11.1

0.12.0

0.12.1

0.13.dev0

0.13.0.dev1

0.13.0.dev2

0.13.0

0.13.1

0.13.2

0.13.3

0.14.0

0.14.1

0.14.2

0.14.3

0.15.0

0.15.1

0.15.2

0.15.3

0.15.4

0.15.5

0.16.0

0.16.1

0.17.0

0.17.1

0.18.0

0.18.1

0.18.2

0.19.0

0.20.0

0.21.0

0.21.1

0.21.2

0.21.3

0.22.0

Ecosystem specific

{
    "affected_functions": [
        "httpx._urls.URL.copy_with"
    ]
}