CVE-2019-10751 – httpie

Package

Manager: pip
Name: httpie
Vulnerable Version: >=0 <1.0.3

Severity

Level: High

CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS: 0.00492 pctl0.64664

Details

Open Redirect in httpie All versions of the HTTPie package prior to version 1.0.3 are vulnerable to Open Redirect that allows an attacker to write an arbitrary file with supplied filename and content to the current directory, by redirecting a request from HTTP to a crafted URL pointing to a server in his or hers control.

Metadata

Created: 2019-08-27T17:44:33Z
Modified: 2024-09-20T21:26:30Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/08/GHSA-xjjg-vmw6-c2p9/GHSA-xjjg-vmw6-c2p9.json
CWE IDs: ["CWE-601"]
Alternative ID: GHSA-xjjg-vmw6-c2p9
Finding: F156
Auto approve: 1