Lucene search

K

GoogleOSV:PYSEC-2019-23

HistoryAug 23, 2019 - 5:15 p.m.

PYSEC-2019-23

2019-08-2317:15:00

Google

osv.dev

10

EPSS

0.005

Percentile

76.9%

All versions of the HTTPie package prior to version 1.0.3 are vulnerable to Open Redirect that allows an attacker to write an arbitrary file with supplied filename and content to the current directory, by redirecting a request from HTTP to a crafted URL pointing to a server in his or hers control.

References

lists.opensuse.org/opensuse-security-announce/2019-09/msg00003.html

lists.opensuse.org/opensuse-security-announce/2019-09/msg00022.html

github.com/advisories/GHSA-xjjg-vmw6-c2p9

github.com/jakubroztocil/httpie/releases/tag/1.0.3

lists.debian.org/debian-lts-announce/2019/09/msg00031.html

snyk.io/vuln/SNYK-PYTHON-HTTPIE-460107

EPSS

0.005

Percentile

76.9%

Related for OSV:PYSEC-2019-23

openvas3 cvelist1 osv3 suse2 debian1 ubuntucve1 nessus2 mageia1 github1 alpinelinux1 veracode1 debiancve1 prion1 cve1 nvd1