Ecosyste.ms: Advisories

Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhqamctdm13Ni1jMnA5

Open Redirect in httpie

All versions of the HTTPie package prior to version 1.0.3 are vulnerable to Open Redirect that allows an attacker to write an arbitrary file with supplied filename and content to the current directory, by redirecting a request from HTTP to a crafted URL pointing to a server in his or hers control.

Permalink: https://github.com/advisories/GHSA-xjjg-vmw6-c2p9
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhqamctdm13Ni1jMnA5
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: over 5 years ago
Updated: 3 months ago

CVSS Score: 8.8
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS Percentage: 0.00507
EPSS Percentile: 0.7682

Identifiers: GHSA-xjjg-vmw6-c2p9, CVE-2019-10751
References:

• https://nvd.nist.gov/vuln/detail/CVE-2019-10751
• https://snyk.io/vuln/SNYK-PYTHON-HTTPIE-460107
• https://github.com/advisories/GHSA-xjjg-vmw6-c2p9
• https://github.com/jakubroztocil/httpie/releases/tag/1.0.3
• https://github.com/pypa/advisory-database/tree/main/vulns/httpie/PYSEC-2019-23.yaml
• https://lists.debian.org/debian-lts-announce/2019/09/msg00031.html
• http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00003.html
• http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00022.html

Repository: https://github.com/jakubroztocil/httpie
Blast Radius: 31.6

Affected Packages