CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2022-0430 – Exposure of Sensitive Information to an Unauthorized Actor in httpie/httpie
https://notcve.org/view.php?id=CVE-2022-0430
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository httpie/httpie prior to 3.1.0. Una Exposición de Información confidencial a un Actor no Autorizado en el repositorio de GitHub httpie/httpie versiones anteriores a 3.1.0 • https://github.com/httpie/httpie/commit/65ab7d5caaaf2f95e61f9dd65441801c2ddee38b https://huntr.dev/bounties/dafb2e4f-c6b6-4768-8ef5-b396cd6a801f • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 1CVE-2022-24737 – Exposure of Sensitive Information to an Unauthorized Actor in httpie
https://notcve.org/view.php?id=CVE-2022-24737
HTTPie is a command-line HTTP client. HTTPie has the practical concept of sessions, which help users to persistently store some of the state that belongs to the outgoing requests and incoming responses on the disk for further usage. Before 3.1.0, HTTPie didn‘t distinguish between cookies and hosts they belonged. This behavior resulted in the exposure of some cookies when there are redirects originating from the actual host to a third party website. Users are advised to upgrade. • https://github.com/httpie/httpie/commit/65ab7d5caaaf2f95e61f9dd65441801c2ddee38b https://github.com/httpie/httpie/releases/tag/3.1.0 https://github.com/httpie/httpie/security/advisories/GHSA-9w4w-cpc8-h2fq https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4QZD2AZOL7XLNZVAV6GDNXYU6MFRU5RS https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R5VYSYKEKVZEVEBIWAADGDXG4Y3EWCQ3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org&#x • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •