CVE-2021-41945

NameCVE-2021-41945
DescriptionEncode OSS httpx < 0.23.0 is affected by improper input validation in `httpx.URL`, `httpx.Client` and some functions using `httpx.URL.copy_with`.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs1010336

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
httpx (PTS)bullseye0.16.1-1vulnerable
bookworm0.23.3-1fixed
sid, trixie0.27.0-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
httpxsource(unstable)0.23.0-11010336

Notes

[bullseye] - httpx <no-dsa> (Minor issue)
https://gist.github.com/lebr0nli/4edb76bbd3b5ff993cf44f2fbce5e571
https://github.com/encode/httpx/discussions/1831
https://github.com/encode/httpx/issues/2184
affected code has moved upstream, from _models.py to a new file, _urls.py
https://sources.debian.org/src/httpx/0.22.0-2/httpx/_models.py/?hl=537#L537

Search for package or bug name: Reporting problems