CVE-2019-10751
HIGH 8.8 | EPSS 0.49% | httpie - security update
Published: 2019/8/27 | Modified: 2026/4/28
Description
All versions of the HTTPie package prior to version 1.0.3 are vulnerable to Open Redirect that allows an attacker to write an arbitrary file with supplied filename and content to the current directory, by redirecting a request from HTTP to a crafted URL pointing to a server in his or her control.
Affected packages (4)
- Debian/httpie: from 0, < 1.0.3-1
- Debian/httpie: from 0, < 0.8.0-1+deb8u1
- PyPI/httpie: from 0, < 1.0.3
- PyPI/httpie: from 0, < 1.0.3
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
| osv | CVSS 3.1 | HIGH 8.8 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Reference links (10)
- ADVISORY: https://github.com/advisories/GHSA-xjjg-vmw6-c2p9
- ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2019-10751
- ADVISORY: https://security-tracker.debian.org/tracker/CVE-2019-10751
- PATCH: https://github.com/jakubroztocil/httpie
- WEB: http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00003.html
- WEB: http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00022.html
- WEB: https://github.com/jakubroztocil/httpie/releases/tag/1.0.3
- WEB: https://github.com/pypa/advisory-database/tree/main/vulns/httpie/PYSEC-2019-23.yaml
- WEB: https://lists.debian.org/debian-lts-announce/2019/09/msg00031.html
- WEB: https://snyk.io/vuln/SNYK-PYTHON-HTTPIE-460107