CVE-2022-0430
LOW 2.4 | EPSS 0.32% | Exposure of Sensitive Information in httpie
Published: 2022/3/16 | Modified: 2024/11/19
Description
httpie is a modern, user-friendly command-line HTTP client for the API era. Prior to version 3.1.0, all cookies saved to session storage are supercookies. At this time, there is no known workaround. Users are recommended to update to version 3.1.0.
Affected packages (3)
- Debian/httpie: from 0
- PyPI/httpie: from 0, < 3.1.0
- PyPI/httpie: from 0, < 65ab7d5caaaf2f95e61f9dd65441801c2ddee38b | from 0, < 3.1.0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
| osv | CVSS 3.1 | LOW 2.4 | CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N |
Reference links (7)
- ADVISORY: https://github.com/advisories/GHSA-6pc9-xqrg-wfqw
- ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2022-0430
- ADVISORY: https://security-tracker.debian.org/tracker/CVE-2022-0430
- PATCH: https://github.com/httpie/httpie
- WEB: https://github.com/httpie/httpie/commit/65ab7d5caaaf2f95e61f9dd65441801c2ddee38b
- WEB: https://github.com/pypa/advisory-database/tree/main/vulns/httpie/PYSEC-2022-167.yaml
- WEB: https://huntr.dev/bounties/dafb2e4f-c6b6-4768-8ef5-b396cd6a801f