GHSA-h8pj-cxx2-jfg2
- Source
- https://github.com/advisories/GHSA-h8pj-cxx2-jfg2
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/04/GHSA-h8pj-cxx2-jfg2/GHSA-h8pj-cxx2-jfg2.json
- Aliases
- Published
- 2022-04-29T00:00:25Z
- Modified
- 2024-02-16T08:17:40.756947Z
- Details
-
Encode OSS httpx <=1.0.0.beta0 is affected by improper input validation in
httpx.URL,httpx.Clientand some functions usinghttpx.URL.copy_with. - References
-
- https://nvd.nist.gov/vuln/detail/CVE-2021-41945
- https://github.com/encode/httpx/issues/2184
- https://github.com/encode/httpx/pull/2185
- https://github.com/encode/httpx/pull/2185/commits/e3c495a32c63d8aa7f1bcf3b7b27ee1a0ff428e1
- https://github.com/encode/httpx/commit/e9b0c85dd4f4e4469c57c4b38e5101fd12081b5c
- https://gist.github.com/lebr0nli/4edb76bbd3b5ff993cf44f2fbce5e571
- https://github.com/advisories/GHSA-h8pj-cxx2-jfg2
- https://github.com/encode/httpx
- https://github.com/encode/httpx/discussions/1831
- https://github.com/encode/httpx/releases/tag/0.23.0
- https://github.com/pypa/advisory-database/tree/main/vulns/httpx/PYSEC-2022-183.yaml
Affected packages
PyPI / httpx
Package
- Name
- httpx
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0The exact introduced commit is unknownFixed0.23.0
Affected versions
0.*
0.0.1
0.6.7
0.6.8
0.7.0
0.7.1
0.7.2
0.7.3
0.7.4
0.7.5
0.7.6
0.7.7
0.7.8
0.8.0
0.9.0
0.9.1
0.9.2
0.9.3
0.9.4
0.9.5
0.10.0
0.10.1
0.11.0
0.11.1
0.12.0
0.12.1
0.13.dev0
0.13.0.dev1
0.13.0.dev2
0.13.0
0.13.1
0.13.2
0.13.3
0.14.0
0.14.1
0.14.2
0.14.3
0.15.0
0.15.1
0.15.2
0.15.3
0.15.4
0.15.5
0.16.0
0.16.1
0.17.0
0.17.1
0.18.0
0.18.1
0.18.2
0.19.0
0.20.0
0.21.0
0.21.1
0.21.2
0.21.3
0.22.0