9.1
CVE-2021-41945
- EPSS 2.03%
- Veröffentlicht 28.04.2022 14:15:07
- Zuletzt bearbeitet 09.07.2026 01:17:04
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Encode OSS httpx < 0.23.0 is affected by improper input validation in `httpx.URL`, `httpx.Client` and some functions using `httpx.URL.copy_with`.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.03% | 0.787 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.1 | 3.9 | 5.2 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
|
| nvd@nist.gov | 6.4 | 10 | 4.9 |
AV:N/AC:L/Au:N/C:P/I:P/A:N
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
https://gist.github.com/lebr0nli/4edb76bbd3b5ff993cf44f2fbce5e571
https://github.com/encode/httpx
https://github.com/encode/httpx/discussions/1831
https://github.com/encode/httpx/issues/2184
https://github.com/encode/httpx/releases/tag/0.23.0