Encode


Products by Encode Sorted by Most Security Vulnerabilities since 2018

Encode Starlette: 2 vulnerabilities

Encode Httpx: 1 vulnerability

Encode Uvicorn: 1 vulnerability

By the Year

In 2024 there have been 0 vulnerabilities in Encode. Last year Encode had 2 security vulnerabilities published. Right now, Encode is on track to have fewer security vulnerabilities in 2024 than it did last year.

Year Vulnerabilities Average Score
2024 0 0.00
2023 2 7.50
2022 1 9.10
2021 0 0.00
2020 2 5.70
2019 0 0.00
2018 0 0.00

It may take a day or so for new Encode vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Encode Security Vulnerabilities

Directory traversal vulnerability in Starlette versions 0.13.5 and later and prior to 0.27.0

CVE-2023-29159 7.5 - High - June 01, 2023

Directory traversal vulnerability in Starlette versions 0.13.5 and later and prior to 0.27.0 allows a remote unauthenticated attacker to view files in a web service which was built using Starlette.

Directory traversal

The MultipartParser usage in Encode's Starlette Python framework before version 0.25.0

CVE-2023-30798 7.5 - High - April 21, 2023

The MultipartParser usage in Encode's Starlette Python framework before version 0.25.0 allows an unauthenticated, remote attacker to specify any number of form fields or files, which can cause excessive memory usage resulting in denial of service of the HTTP service.

Resource Exhaustion

Encode OSS httpx < 0.23.0 is affected by improper input validation in `httpx.URL`

CVE-2021-41945 9.1 - Critical - April 28, 2022

Encode OSS httpx < 0.23.0 is affected by improper input validation in `httpx.URL`, `httpx.Client` and some functions using `httpx.URL.copy_with`.

Improper Input Validation

A flaw was found in Django REST Framework versions before 3.12.0 and before 3.11.2

CVE-2020-25626 6.1 - Medium - September 30, 2020

A flaw was found in Django REST Framework versions before 3.12.0 and before 3.11.2. When using the browsable API viewer, Django REST Framework fails to properly escape certain strings that can come from user input. This allows a user who can control those strings to inject malicious <script> tags, leading to a cross-site scripting (XSS) vulnerability.

XSS

Uvicorn before 0.11.7 is vulnerable to HTTP response splitting

CVE-2020-7695 5.3 - Medium - July 27, 2020

Uvicorn before 0.11.7 is vulnerable to HTTP response splitting. CRLF sequences are not escaped in the value of HTTP headers. Attackers can exploit this to add arbitrary headers to HTTP responses, or even return an arbitrary response body, whenever crafted input is used to construct HTTP headers.

Injection

Built by Foundeo Inc., with data from the National Vulnerability Database (NVD).