4 matches found
CVE-2023-48052
CVE-2023-48052 affects HTTPie v3.2.2, where missing SSL certificate validation enables a network-based MITM, allowing eavesdropping and compromising confidentiality and integrity. CVSS v3.1 vectors reflect network access, high impact on confidentiality and integrity, and no user interaction requi...
CVE-2019-10751
CVE-2019-10751 affects HTTPie: Open Redirect vulnerability in all versions prior to 1.0.3 that allows an attacker to write an arbitrary file with supplied filename and content to the current directory by redirecting an HTTP request to a crafted URL under attacker control. Remediation: upgrade HTT...
CVE-2022-24737
CVE-2022-24737 affects the HTTPie command-line HTTP client. Before 3.1.0, HTTPie did not distinguish between cookies and the hosts they belonged to, which could lead to exposure of some cookies when redirects occur from the actual host to a third-party site. Public advisories and vendor notes con...
CVE-2022-0430
CVE-2022-0430 affects HTTPie up to version 3.0.x (prior to 3.1.0). The root cause is that before 3.1.0, HTTPie’s session handling did not distinguish between cookies and their hosts, allowing cookies to be exposed during redirects to third-party sites. This led to exposure of sensitive informatio...