ASA-202205-1 log raw

[ASA-202205-1] python-httpx: access restriction bypass
Arch Linux Security Advisory ASA-202205-1 ========================================= Severity: Critical Date : 2022-05-16 CVE-ID : CVE-2021-41945 Package : python-httpx Type : access restriction bypass Remote : Yes Link : Summary ======= The package python-httpx before version 0.22.0-2 is vulnerable to access restriction bypass. Resolution ========== Upgrade to 0.22.0-2. # pacman -Syu "python-httpx>=0.22.0-2" The problem has been fixed upstream but no release is available yet. Workaround ========== None. Description =========== A vulnerability was found in the `httpx.URL`, `httpx.Client`and `httpx.URL.copy_with' functions of the python-httpx package allowing an attacker to bypass access restrictions. Impact ====== An attacker can access sensitive information using a maliciously crafted HTTP request. References ==========