4 results (0.001 seconds)

CVSS: 7.4EPSS: 0%CPEs: 1EXPL: 0

Missing SSL certificate validation in HTTPie v3.2.2 allows attackers to eavesdrop on communications between the host and server via a man-in-the-middle attack. La falta de validación del certificado SSL en HTTPie v3.2.2 permite a los atacantes espiar las comunicaciones entre el host y el servidor mediante un ataque de intermediario. • https://gxx777.github.io/HTTPie_3.2.2_Cryptographic_API_Misuse_Vulnerability.md • CWE-295: Improper Certificate Validation CWE-599: Missing Validation of OpenSSL Certificate •

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1

Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository httpie/httpie prior to 3.1.0. Una Exposición de Información confidencial a un Actor no Autorizado en el repositorio de GitHub httpie/httpie versiones anteriores a 3.1.0 • https://github.com/httpie/httpie/commit/65ab7d5caaaf2f95e61f9dd65441801c2ddee38b https://huntr.dev/bounties/dafb2e4f-c6b6-4768-8ef5-b396cd6a801f • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 1

HTTPie is a command-line HTTP client. HTTPie has the practical concept of sessions, which help users to persistently store some of the state that belongs to the outgoing requests and incoming responses on the disk for further usage. Before 3.1.0, HTTPie didn‘t distinguish between cookies and hosts they belonged. This behavior resulted in the exposure of some cookies when there are redirects originating from the actual host to a third party website. Users are advised to upgrade. • https://github.com/httpie/httpie/commit/65ab7d5caaaf2f95e61f9dd65441801c2ddee38b https://github.com/httpie/httpie/releases/tag/3.1.0 https://github.com/httpie/httpie/security/advisories/GHSA-9w4w-cpc8-h2fq https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4QZD2AZOL7XLNZVAV6GDNXYU6MFRU5RS https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R5VYSYKEKVZEVEBIWAADGDXG4Y3EWCQ3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org&#x • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1

All versions of the HTTPie package prior to version 1.0.3 are vulnerable to Open Redirect that allows an attacker to write an arbitrary file with supplied filename and content to the current directory, by redirecting a request from HTTP to a crafted URL pointing to a server in his or hers control. Todas las versiones del paquete HTTPie anteriores a la versión 1.0.3 son vulnerables a Open Redirect que permite a un atacante escribir un archivo arbitrario con el nombre de archivo y el contenido proporcionados al directorio actual, redireccionando una solicitud de HTTP a una URL diseñada que apunta a una servidor en su control. • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00022.html https://github.com/jakubroztocil/httpie/releases/tag/1.0.3 https://lists.debian.org/debian-lts-announce/2019/09/msg00031.html https://snyk.io/vuln/SNYK-PYTHON-HTTPIE-460107 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •