9.1

CVE-2021-41945

Exploit
Encode OSS httpx < 0.23.0 is affected by improper input validation in `httpx.URL`, `httpx.Client` and some functions using `httpx.URL.copy_with`.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
EncodeHttpx SwPlatformpython Version < 0.23.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.03% 0.787
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.1 3.9 5.2
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
nvd@nist.gov 6.4 10 4.9
AV:N/AC:L/Au:N/C:P/I:P/A:N
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://gist.github.com/lebr0nli/4edb76bbd3b5ff993cf44f2fbce5e571
Third Party Advisory
Exploit
https://github.com/encode/httpx
Third Party Advisory
Product
https://github.com/encode/httpx/discussions/1831
Third Party Advisory
Exploit
Issue Tracking
https://github.com/encode/httpx/issues/2184
Third Party Advisory
Exploit
Issue Tracking
https://github.com/encode/httpx/releases/tag/0.23.0
Third Party Advisory
Release Notes