GHSA-h8pj-cxx2-jfg2
Suggest an improvement- Source
- https://github.com/advisories/GHSA-h8pj-cxx2-jfg2
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/04/GHSA-h8pj-cxx2-jfg2/GHSA-h8pj-cxx2-jfg2.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-h8pj-cxx2-jfg2
- Aliases
- Published
- 2022-04-29T00:00:25Z
- Modified
- 2024-02-16T08:17:40.756947Z
- Severity
-
- 9.1 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVSS Calculator
- Summary
- Improper Input Validation in httpx
- Details
-
Encode OSS httpx <=1.0.0.beta0 is affected by improper input validation in
httpx.URL,httpx.Clientand some functions usinghttpx.URL.copy_with. - References
-
- https://nvd.nist.gov/vuln/detail/CVE-2021-41945
- https://github.com/encode/httpx/issues/2184
- https://github.com/encode/httpx/pull/2185
- https://github.com/encode/httpx/pull/2185/commits/e3c495a32c63d8aa7f1bcf3b7b27ee1a0ff428e1
- https://github.com/encode/httpx/commit/e9b0c85dd4f4e4469c57c4b38e5101fd12081b5c
- https://gist.github.com/lebr0nli/4edb76bbd3b5ff993cf44f2fbce5e571
- https://github.com/advisories/GHSA-h8pj-cxx2-jfg2
- https://github.com/encode/httpx
- https://github.com/encode/httpx/discussions/1831
- https://github.com/encode/httpx/releases/tag/0.23.0
- https://github.com/pypa/advisory-database/tree/main/vulns/httpx/PYSEC-2022-183.yaml
Affected packages
PyPI / httpx
Package
- Name
- httpx
- View open source insights on deps.dev
- Purl
- pkg:pypi/httpx
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed0.23.0
Affected versions
0.*
0.0.1
0.6.7
0.6.8
0.7.0
0.7.1
0.7.2
0.7.3
0.7.4
0.7.5
0.7.6
0.7.7
0.7.8
0.8.0
0.9.0
0.9.1
0.9.2
0.9.3
0.9.4
0.9.5
0.10.0
0.10.1
0.11.0
0.11.1
0.12.0
0.12.1
0.13.dev0
0.13.0.dev1
0.13.0.dev2
0.13.0
0.13.1
0.13.2
0.13.3
0.14.0
0.14.1
0.14.2
0.14.3
0.15.0
0.15.1
0.15.2
0.15.3
0.15.4
0.15.5
0.16.0
0.16.1
0.17.0
0.17.1
0.18.0
0.18.1
0.18.2
0.19.0
0.20.0
0.21.0
0.21.1
0.21.2
0.21.3
0.22.0