CVE-2021-41945

NameCVE-2021-41945
DescriptionEncode OSS httpx <=1.0.0.beta0 is affected by improper input validation in `httpx.URL`, `httpx.Client` and some functions using `httpx.URL.copy_with`.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severitymedium
Debian Bugs1010336

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
httpx (PTS)bullseye0.16.1-1vulnerable
bookworm, sid0.22.0-2vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
httpxsource(unstable)(unfixed)1010336

Notes

https://gist.github.com/lebr0nli/4edb76bbd3b5ff993cf44f2fbce5e571
https://github.com/encode/httpx/discussions/1831
https://github.com/encode/httpx/issues/2184
affected code has moved upstream, from _models.py to a new file, _urls.py
https://sources.debian.org/src/httpx/0.22.0-2/httpx/_models.py/?hl=537#L537

Search for package or bug name: Reporting problems