EUVD-2025-48052

Malicious code in dono-gado-gado55-sukiwir npm...

OESA-2025-2358 python-httpie security update

HTTPie pronounced aitch-tee-tee-pie is a command-line HTTP client. Its goal is to make CLI interaction with web services as human-friendly as possible. HTTPie is designed for testing, debugging, and generally interacting with APIs HTTP servers. The http https commands allow for creating and sendi...

OESA-2025-2356 python-httpie security update

HTTPie pronounced aitch-tee-tee-pie is a command-line HTTP client. Its goal is to make CLI interaction with web services as human-friendly as possible. HTTPie is designed for testing, debugging, and generally interacting with APIs HTTP servers. The http https commands allow for creating and sendi...

CVE-2024-48052

creationtimestamp| type| source ---|---|--- 2024-11-05 01:19:05+00:00| seen| https://t.me/cvedetector/9795...

academic-chatgpt (>=0.3.0 <=0.4.1), africanwhisper (>=0.2.1 <=0.9.0) +163 more potentially affected by CVE-2024-48052 via gradio (>=1.7.7 <=4.42.0)

gradio PYPI version =1.7.7, =0.3.0, =0.2.1, =0.1.5, =0.0.6, =0.0.1, =0.8.11, =0.4.0, =0.7.0.dev134, =0.1.0rc1, =0.1.0rc2 - aqueduct-llm =0.0.1 and more Source cves: CVE-2024-48052 Source advisory: OSV:GHSA-3GF9-WV65-GWH9...

iddm (>=1.1.8b3 <=1.2.3), lazyllm (>=0.3.0 <=0.6.3) potentially affected by CVE-2024-48052 via gradio (>=5.0.0 <=5.0.0b10)

gradio PYPI version =5.0.0, =1.1.8b3, =0.3.0, =0.6.3 Source cves: CVE-2024-48052 Source advisory: SNYK:PYTHON-GRADIO-8342716...

CVE-2024-48052

In gradio =4.42.0, the gr.DownloadButton function has a hidden server-side request forgery SSRF vulnerability. The reason is that within the saveurltocache function, there are no restrictions on the URL, which allows access to local target resources. This can lead to the download of local resourc...

CVE-2024-48052

In gradio =4.42.0, the gr.DownloadButton function has a hidden server-side request forgery SSRF vulnerability. The reason is that within the saveurltocache function, there are no restrictions on the URL, which allows access to local target resources. This can lead to the download of local resourc...

SUSE CVE-2023-48052

Missing SSL certificate validation in HTTPie v3.2.2 allows attackers to eavesdrop on communications between the host and server via a man-in-the-middle attack...

dalineunit (>=0.0.31 <=0.0.69), encapsia-cli (>=0.1.8 <=0.5.1) +7 more potentially affected by CVE-2023-48052 via httpie (>=1.0.3 <=3.2.2)

httpie PYPI version =1.0.3, =0.0.31, =0.1.8, =0.0.14, =1.0.0, =2.0.0, =1.3.21, =1.9.24 - veracode-api-signing =21.3.0 Source cves: CVE-2023-48052 Source advisory: OSV:GHSA-8R96-8889-QG2X...

CVE-2023-48052 vulnerabilities

Vulnerabilities for packages: httpie...

CVE-2023-48052 vulnerabilities

Vulnerabilities for packages: httpie...

CVE-2023-48052

Missing SSL certificate validation in HTTPie v3.2.2 allows attackers to eavesdrop on communications between the host and server via a man-in-the-middle attack...

avaintegration-metapackage (>=6.0.4.3 <=6.0.5.32), dnastack-client-library (>=3.0.324 <=3.1.232) +66 more potentially affected by CVE-2023-48052 via httpie (>=3.2.1 <=3.2.4)

httpie PYPI version =3.2.1, =6.0.4.3, =3.0.324, =0.5.2, =1.0.0, =1.1.2, =0.1.1, =0.1.1, =0.0.1, =0.0.1, =0.1.0, =1.0.0 - httpie-consul =1.0.2 and more Source cves: CVE-2023-48052 Source advisory: OSV:PYSEC-2023-242...

UBUNTU-CVE-2023-48052

Missing SSL certificate validation in HTTPie v3.2.2 allows attackers to eavesdrop on communications between the host and server via a man-in-the-middle attack...

CVE-2023-48052

Missing SSL certificate validation in HTTPie v3.2.2 allows attackers to eavesdrop on communications between the host and server via a man-in-the-middle attack...

dalineunit (>=0.0.31 <=0.0.69), encapsia-cli (>=0.2.2 <=0.5.1) +4 more potentially affected by CVE-2023-48052 via httpie (>=2.0.0 <=2.6.0)

httpie PYPI version =2.0.0, =0.0.31, =0.2.2, =0.0.14, =1.3.21, =1.9.24 Source cves: CVE-2023-48052 Source advisory: OSV:PYSEC-2023-242...

CVE-2023-48052

CVE-2023-48052 affects HTTPie v3.2.2, where missing SSL certificate validation enables a network-based MITM, allowing eavesdropping and compromising confidentiality and integrity. CVSS v3.1 vectors reflect network access, high impact on confidentiality and integrity, and no user interaction requi...