CVE-2024-31994: Python Httpx Missing Secure Transport
Instantiating an `httpx` client without a custom `transport` leaves the application vulnerable to Server-Side Request Forgery (SSRF) and Denial of Service (DoS) if it is used to fetch user-controlled URLs. The default transport permits reaching arbitrary internal IP addresses and downloading unbounded payload sizes. Initialize the client with a secure `transport`.
greprules fetch cve-2024-31994-python-httpx-missing-secure-transport --engine opengrep