16 matches found
EUVD-2023-0095
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2023-48052
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Missing SSL certificate validation in HTTPie v3.2.2 allows attackers to eavesdrop on communications between the host and server via a man-in-the-middle attack...
SUSE CVE-2023-48052
Missing SSL certificate validation in HTTPie v3.2.2 allows attackers to eavesdrop on communications between the host and server via a man-in-the-middle attack...
avaintegration-metapackage (>=6.0.4.3 <=6.0.4.13), dnastack-client-library (>=3.0.324 <=3.1.232) +66 more potentially affected by CVE-2023-48052 via httpie (>=3.2.1 <=3.2.4)
httpie PYPI version =3.2.1, =6.0.4.3, =3.0.324, =0.5.2, =1.0.0, =1.1.2, =0.1.1, =0.1.1, =0.0.1, =0.0.1, =0.1.0, =1.0.0 - httpie-consul =1.0.2 and more Source cves: CVE-2023-48052 Source advisory: OSV:PYSEC-2023-242...
encapsia-cli (>=0.1.8 <=0.2.1), httpie-credential-store (=1.0.0) +1 more potentially affected by CVE-2023-48052 via httpie (=1.0.3)
httpie PYPI version =1.0.3 is affected by a known vulnerability. The following packages have a transitive dependency on httpie and may be impacted: - encapsia-cli =0.1.8, =0.2.1 - httpie-credential-store =1.0.0 - veracode-api-signing =21.3.0 Source cves: CVE-2023-48052 Source advisory:...
PYSEC-2023-242
Missing SSL certificate validation in HTTPie v3.2.2 allows attackers to eavesdrop on communications between the host and server via a man-in-the-middle attack...
dalineunit (>=0.0.31 <=0.0.69), encapsia-cli (>=0.2.2 <=0.5.1) +4 more potentially affected by CVE-2023-48052 via httpie (>=2.0.0 <=2.6.0)
httpie PYPI version =2.0.0, =0.0.31, =0.2.2, =0.0.14, =1.3.21, =1.9.24 Source cves: CVE-2023-48052 Source advisory: OSV:PYSEC-2023-242...
HTTPie Security Vulnerability
HTTPie is a command line HTTP client. A security vulnerability exists in the HTTPie CLI version v3.2.2, which stems from a lack of SSL certificate validation, and allows attackers to eavesdrop on communications between the host and server via a man-in-the-middle attack...
SUSE CVE-2019-10751
All versions of the HTTPie package prior to version 1.0.3 are vulnerable to Open Redirect that allows an attacker to write an arbitrary file with supplied filename and content to the current directory, by redirecting a request from HTTP to a crafted URL pointing to a server in his or her control...
Information Disclosure
httpie is vulnerable to information disclosure. The vulnerability exists due to a lack of sanitization of cookies in persistent session allowing the cookies to be visible to all sites in that session...
dalineunit (>=0.0.31 <=0.0.69), encapsia-cli (>=0.1.8 <=0.5.1) +5 more potentially affected by CVE-2022-0430 via httpie (>=1.0.3 <=2.6.0)
httpie PYPI version =1.0.3, =0.0.31, =0.1.8, =0.0.14, =1.0.0, =1.3.21, =1.9.24 - veracode-api-signing =21.3.0 Source cves: CVE-2022-0430 Source advisory: OSV:GHSA-6PC9-XQRG-WFQW...
Information Disclosure
httpie is vulnerable to information disclosure. The vulnerability exists when handling cookies because all cookies were shared across all hosts during the runtime including redirects to the 3rd party hosts which allows a malicious attacker to gain access to sensitive information...
CVE-2022-24737 Exposure of Sensitive Information to an Unauthorized Actor in httpie
HTTPie is a command-line HTTP client. HTTPie has the practical concept of sessions, which help users to persistently store some of the state that belongs to the outgoing requests and incoming responses on the disk for further usage. Before 3.1.0, HTTPie didn't distinguish between cookies and host...
UBUNTU-CVE-2019-10751
All versions of the HTTPie package prior to version 1.0.3 are vulnerable to Open Redirect that allows an attacker to write an arbitrary file with supplied filename and content to the current directory, by redirecting a request from HTTP to a crafted URL pointing to a server in his or her control...
PYSEC-2019-23
All versions of the HTTPie package prior to version 1.0.3 are vulnerable to Open Redirect that allows an attacker to write an arbitrary file with supplied filename and content to the current directory, by redirecting a request from HTTP to a crafted URL pointing to a server in his or her control...
Open Redirect
Overview: httpie is a command line HTTP client. Affected versions of this package are vulnerable to Open Redirect that allows an attacker to write an arbitrary file with supplied filename and content to the current directory, by redirecting a request from HTTP to a crafted URL pointing to a server...