CVE-2021-41945
CRITICALSeverity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Lifecycle Timeline
1Blast Radius
ecosystem impact- 95 pypi packages depend on httpx (87 direct, 8 indirect)
Ecosystem-wide dependent count for version 0.20.0.
DescriptionNVD
Encode OSS httpx < 0.23.0 is affected by improper input validation in httpx.URL, httpx.Client and some functions using httpx.URL.copy_with.
AnalysisAI
Encode OSS httpx < 0.23.0 is affected by improper input validation in httpx.URL, httpx.Client and some functions using httpx.URL.copy_with. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
Technical ContextAI
This vulnerability is classified under CWE-20. Encode OSS httpx < 0.23.0 is affected by improper input validation in httpx.URL, httpx.Client and some functions using httpx.URL.copy_with. Affected products include: Encode Httpx.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Same weakness CWE-20 – Improper Input Validation
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today