PT-2022-5665 · Encode Oss+2 · Httpx+2
Lebr0Nlio · Published 2022-04-28 · Updated 2025-01-18
CVE-2021-41945
CVSS v2.0: 9.4 (Critical)
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:N |
Name of the Vulnerable Software and Affected Versions
Encode OSS httpx versions < 0.23.0
Encode OSS httpx version <=1.0.0.beta0
Description
The issue is caused by insufficient input validation in the httpx.URL and httpx.Client components, as well as in some functions that use httpx.URL.copy_with. This could potentially allow a remote attacker to bypass existing security restrictions.
Recommendations
For Encode OSS httpx versions < 0.23.0, update to version 0.23.0 or later to resolve the issue.
For Encode OSS httpx version <=1.0.0.beta0, update to a version later than 1.0.0.beta0 to resolve the issue.
As a temporary workaround, consider restricting the use of httpx.URL and httpx.Client until a patch is available. Avoid using functions that rely on httpx.URL.copy_with in the affected API endpoints until the issue is resolved.
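The version ranges above are easy to misjudge when pre-releases are involved (a 0.23.0 pre-release still precedes the fixed 0.23.0, and "1.0.0.beta0" is spelled differently from the PEP 440 form "1.0.0b0"). The following added example, not code from the advisory or from the httpx project, checks a version string against the advisory's ranges; it assumes the "<=1.0.0.beta0" range refers only to the 1.0.0 pre-release line, so stable 0.23.0 and later are treated as fixed, as the recommendation states.

```python
import re
from importlib.metadata import PackageNotFoundError, version as installed_version

# Affected ranges taken from the advisory text:
#   httpx < 0.23.0, and the 1.0.0 pre-release line up to 1.0.0.beta0 (PEP 440: 1.0.0b0).
# Assumption: the second range covers only 1.0.0 pre-releases; 0.23.0 and later are fixed.
FIXED_RELEASE = (0, 23, 0)
AFFECTED_PRERELEASE_LINE = (1, 0, 0)
LAST_AFFECTED_PRERELEASE = ("b", 0)

# PEP 440 pre-release spellings normalised to a/b/rc (string order a < b < rc holds).
_PRE_ALIASES = {"a": "a", "alpha": "a", "b": "b", "beta": "b",
                "c": "rc", "rc": "rc", "pre": "rc", "preview": "rc"}
_VERSION_RE = re.compile(
    r"^(?P<release>\d+(?:\.\d+)*)"
    r"(?:[._-]?(?P<pre_l>a|b|c|rc|alpha|beta|pre|preview)[._-]?(?P<pre_n>\d*))?$",
    re.IGNORECASE,
)

def parse_version(text):
    """Parse a release[+pre-release] version into (release_tuple, pre_tuple_or_None)."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unsupported version string: {text!r}")
    release = tuple(int(p) for p in m.group("release").split("."))
    release += (0,) * (3 - len(release))  # pad "0.23" -> (0, 23, 0)
    pre = None
    if m.group("pre_l"):
        pre = (_PRE_ALIASES[m.group("pre_l").lower()], int(m.group("pre_n") or 0))
    return release, pre

def is_affected(version_text):
    """True if this httpx version falls inside the advisory's affected ranges."""
    release, pre = parse_version(version_text)
    # Anything below 0.23.0, including pre-releases of 0.23.0 itself, is affected.
    if release < FIXED_RELEASE or (release == FIXED_RELEASE and pre is not None):
        return True
    if release == AFFECTED_PRERELEASE_LINE and pre is not None:
        return pre <= LAST_AFFECTED_PRERELEASE
    return False

def installed_httpx_status():
    """Return (version, affected) for the httpx in this environment, or (None, None)."""
    try:
        v = installed_version("httpx")
    except PackageNotFoundError:
        return None, None
    return v, is_affected(v)

if __name__ == "__main__":
    print(installed_httpx_status())
```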
Affected Products
Alt Linux
Debian
Httpx