ALT-PU-2022-5526-1
Package python3-module-httpx updated to version 0.23.0-alt2 for branch sisyphus_mipsel.
Closed vulnerabilities
Published: 2022-04-28
BDU:2022-07059
Уязвимость библиотеки Encode OSS HTTPX, связанная с недостаточной проверкой вводимых данных, позволяющая нарушителю обойти существующие ограничения безопасности
Severity: CRITICAL (9.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Severity: CRITICAL (9.4)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:N
References:
Published: 2022-04-28
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2021-41945
Encode OSS httpx < 0.23.0 is affected by improper input validation in `httpx.URL`, `httpx.Client` and some functions using `httpx.URL.copy_with`.
Severity: MEDIUM (6.4)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N
Severity: CRITICAL (9.1)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
References:
- http://encode.com
- https://gist.github.com/lebr0nli/4edb76bbd3b5ff993cf44f2fbce5e571
- https://github.com/encode/httpx
- https://github.com/encode/httpx/discussions/1831
- https://github.com/encode/httpx/issues/2184
- https://github.com/encode/httpx/releases/tag/0.23.0
- http://encode.com
- https://gist.github.com/lebr0nli/4edb76bbd3b5ff993cf44f2fbce5e571
- https://github.com/encode/httpx
- https://github.com/encode/httpx/discussions/1831
- https://github.com/encode/httpx/issues/2184
- https://github.com/encode/httpx/releases/tag/0.23.0