CVE-2022-0430
LOW 2.4 | EPSS 0.32%
Exposure of Sensitive information in httpie
Published: 3/16/2022 | Modified: 11/19/2024
Description
httpie is a modern, user-friendly command-line HTTP client for the API era. Prior to version 3.1.0, all cookies saved to session storage are supercookies. At this time, there is no known workaround. Users are recommended to update to version 3.1.0.
Affected packages (3)
- Debian/httpie: from 0
- PyPI/httpie: from 0, < 3.1.0
- PyPI/httpie: from 0, < 65ab7d5caaaf2f95e61f9dd65441801c2ddee38b | from 0, < 3.1.0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
| osv | CVSS 3.1 | LOW 2.4 | CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N |
References (7)
- ADVISORY: https://github.com/advisories/GHSA-6pc9-xqrg-wfqw
- ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2022-0430
- ADVISORY: https://security-tracker.debian.org/tracker/CVE-2022-0430
- PATCH: https://github.com/httpie/httpie
- WEB: https://github.com/httpie/httpie/commit/65ab7d5caaaf2f95e61f9dd65441801c2ddee38b
- WEB: https://github.com/pypa/advisory-database/tree/main/vulns/httpie/PYSEC-2022-167.yaml
- WEB: https://huntr.dev/bounties/dafb2e4f-c6b6-4768-8ef5-b396cd6a801f