Upstream information

CVE-2021-41945 at MITRE


Encode OSS httpx < 0.23.0 is affected by improper input validation in `httpx.URL`, `httpx.Client` and some functions using `httpx.URL.copy_with`.

SUSE information

Overall state of this security issue: Does not affect SUSE products

This issue is currently rated as having critical severity.

CVSS v2 Scores
  National Vulnerability Database
Base Score 6.4
Vector AV:N/AC:L/Au:N/C:P/I:P/A:N
Access Vector Network
Access Complexity Low
Authentication None
Confidentiality Impact Partial
Integrity Impact Partial
Availability Impact None
CVSS v3 Scores
  National Vulnerability Database
Base Score 9.1
Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality Impact High
Integrity Impact High
Availability Impact None
CVSSv3 Version 3.1
SUSE Bugzilla entry: 1199002 [RESOLVED / FIXED]

No SUSE Security Announcements cross referenced.

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Micro 6.0
  • python311-httpx >= 0.24.0-5.82
SUSE Linux Enterprise Micro 6.0 GA python311-httpx-0.24.0-5.82
openSUSE Tumbleweed
  • python310-httpx >= 0.22.0-3.1
  • python38-httpx >= 0.22.0-3.1
  • python39-httpx >= 0.22.0-3.1

SUSE Timeline for this CVE

CVE page created: Fri Apr 29 00:00:31 2022
CVE page last modified: Sun Jun 16 01:51:05 2024