Lucene search

K

GoogleOSV:GHSA-8R96-8889-QG2X

HistoryNov 16, 2023 - 6:30 p.m.

HTTPie allows attackers to eavesdrop on communications between the host and server via a man-in-the-middle attack

2023-11-1618:30:31

Google

osv.dev

9

httpie

eavesdropping

ssl certificate

7.4 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

25.7%

Missing SSL certificate validation in HTTPie v3.2.2 allows attackers to eavesdrop on communications between the host and server via a man-in-the-middle attack.

CPENameOperatorVersion
httpieeq0.2.2
httpieeq0.2.4de
httpieeq0.5.1
httpieeq0.9.6
httpieeq0.1.2
httpieeq0.6.0
httpieeq0.9.2
httpieeq0.5.0
httpieeq3.0.1
httpieeq0.9.1

Rows per page:

1-10 of 531

References

github.com/httpie/cli

github.com/httpie/cli/blob/master/httpie/client.py#L33

github.com/httpie/cli/blob/master/httpie/internal/update_warnings.py#L44

github.com/pypa/advisory-database/tree/main/vulns/httpie/PYSEC-2023-242.yaml

gxx777.github.io/HTTPie_3.2.2_Cryptographic_API_Misuse_Vulnerability.md

nvd.nist.gov/vuln/detail/CVE-2023-48052

7.4 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

25.7%

Related for OSV:GHSA-8R96-8889-QG2X

veracode1 github1 alpinelinux1 prion1 nvd1 debiancve1 ubuntucve1 cve1 osv2 cvelist1