Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS02cGM5LXhxcmctd2Zxd80zHw
Exposure of Sensitive information in httpie
httpie is a modern, user-friendly command-line HTTP client for the API era. Prior to version 3.1.0, all cookies saved to session storage are supercookies. At this time, there is no known workaround. Users are recommended to update to version 3.1.0.
Permalink: https://github.com/advisories/GHSA-6pc9-xqrg-wfqwJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS02cGM5LXhxcmctd2Zxd80zHw
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Low
Classification: General
Published: about 2 years ago
Updated: over 1 year ago
CVSS Score: 2.4
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N
Identifiers: GHSA-6pc9-xqrg-wfqw, CVE-2022-0430
References:
- https://nvd.nist.gov/vuln/detail/CVE-2022-0430
- https://github.com/httpie/httpie/commit/65ab7d5caaaf2f95e61f9dd65441801c2ddee38b
- https://huntr.dev/bounties/dafb2e4f-c6b6-4768-8ef5-b396cd6a801f
- https://github.com/pypa/advisory-database/tree/main/vulns/httpie/PYSEC-2022-167.yaml
- https://github.com/advisories/GHSA-6pc9-xqrg-wfqw
Blast Radius: 8.6
Affected Packages
pypi:httpie
Dependent packages: 26Dependent repositories: 3,903
Downloads: 373,615 last month
Affected Version Ranges: < 3.1.0
Fixed in: 3.1.0
All affected versions: 0.1.1, 0.1.2, 0.1.3, 0.1.4, 0.1.5, 0.1.6, 0.2.0, 0.2.1, 0.2.2, 0.2.3, 0.2.4, 0.2.5, 0.2.6, 0.2.7, 0.3.0, 0.3.1, 0.4.0, 0.4.1, 0.5.0, 0.5.1, 0.6.0, 0.7.0, 0.7.2, 0.8.0, 0.9.0, 0.9.1, 0.9.2, 0.9.3, 0.9.4, 0.9.5, 0.9.6, 0.9.7, 0.9.8, 0.9.9, 1.0.0, 1.0.2, 1.0.3, 2.0.0, 2.1.0, 2.2.0, 2.3.0, 2.4.0, 2.5.0, 2.6.0, 3.0.0, 3.0.1, 3.0.2
All unaffected versions: 3.1.0, 3.2.0, 3.2.1, 3.2.2