Lucene search

Veracode Vulnerability DatabaseVERACODE:34558

HistoryMar 08, 2022 - 6:52 a.m.

Information Disclosure

2022-03-0806:52:11

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.002 Low

EPSS

Percentile

59.8%

JSON

httpie is vulnerable to information disclosure. The vulnerability exists when handling cookies because all cookies were shared across all hosts during the runtime including redirects to the 3rd party hosts which allows a malicious attacker to gain access to sensitive information.

CPENameOperatorVersion
httpiele3.0.2
httpiele3.0.2
httpie:sideq2.4.0-1
httpie:sideq2.2.0-2
httpie:bookwormeq2.4.0-1

Name	Operator	Version
httpie	le	3.0.2
httpie	le	3.0.2
httpie:sid	eq	2.4.0-1
httpie:sid	eq	2.2.0-2
httpie:bookworm	eq	2.4.0-1

References

github.com/httpie/httpie/commit/65ab7d5caaaf2f95e61f9dd65441801c2ddee38b

github.com/httpie/httpie/pull/1312

github.com/httpie/httpie/releases/tag/3.1.0

github.com/httpie/httpie/security/advisories/GHSA-9w4w-cpc8-h2fq

lists.fedoraproject.org/archives/list/[email protected]/message/4QZD2AZOL7XLNZVAV6GDNXYU6MFRU5RS/

lists.fedoraproject.org/archives/list/[email protected]/message/R5VYSYKEKVZEVEBIWAADGDXG4Y3EWCQ3/

lists.fedoraproject.org/archives/list/[email protected]/message/TXFCHGTW3V32GD6GXXJZE5QAOSDT3RTY/

0.002 Low

EPSS

Percentile

59.8%

JSON

Related for VERACODE:34558