CVE-2021-41945
CRITICAL
Published Apr 28, 20224y ago · Modified Jun 17, 20262w ago
9.1 CVSS 3.1
Published Apr 28, 2022 4y ago
Last Modified Jun 17, 2026 2w ago
Description
Encode OSS httpx < 0.23.0 is affected by improper input validation in `httpx.URL`, `httpx.Client` and some functions using `httpx.URL.copy_with`.
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability None
Threat Intelligence
No active exploitation signals — not in CISA KEV and no EPSS score yet.
Exploit & Patch Status
Public Exploit Known
No Patch Available
Weaknesses 1
CWE-20 Improper Input Validation Validation
Affected Products 1
| Vendor | Product | Version | Range |
|---|---|---|---|
| encode | httpx | * | <0.23.0 |
References 6
- encode.com http://encode.com
- gist.github.com https://gist.github.com/lebr0nli/4edb76bbd3b5ff993cf44f2fbce5e571
- github.com https://github.com/encode/httpx
- github.com https://github.com/encode/httpx/discussions/1831
- github.com https://github.com/encode/httpx/issues/2184
- github.com https://github.com/encode/httpx/releases/tag/0.23.0
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.