httpie is vulnerable to information disclosure. The vulnerability exists when handling cookies because all cookies were shared across all hosts during the runtime including redirects to the 3rd party hosts which allows a malicious attacker to gain access to sensitive information.
CPE | Name | Operator | Version |
---|---|---|---|
httpie | le | 3.0.2 | |
httpie | le | 3.0.2 | |
httpie:sid | eq | 2.4.0-1 | |
httpie:sid | eq | 2.2.0-2 | |
httpie:bookworm | eq | 2.4.0-1 |
github.com/httpie/httpie/commit/65ab7d5caaaf2f95e61f9dd65441801c2ddee38b
github.com/httpie/httpie/pull/1312
github.com/httpie/httpie/releases/tag/3.1.0
github.com/httpie/httpie/security/advisories/GHSA-9w4w-cpc8-h2fq
lists.fedoraproject.org/archives/list/[email protected]/message/4QZD2AZOL7XLNZVAV6GDNXYU6MFRU5RS/
lists.fedoraproject.org/archives/list/[email protected]/message/R5VYSYKEKVZEVEBIWAADGDXG4Y3EWCQ3/
lists.fedoraproject.org/archives/list/[email protected]/message/TXFCHGTW3V32GD6GXXJZE5QAOSDT3RTY/