CVE-2019-10751 - All versions of the HTTPie package prior to version 1.0.3 are vulnerable to Open Redirect that allow

CVE-2019-10751

Summary

All versions of the HTTPie package prior to version 1.0.3 are vulnerable to Open Redirect that allows an attacker to write an arbitrary file with supplied filename and content to the current directory, by redirecting a request from HTTP to a crafted URL pointing to a server in his or hers control.

References

Vulnerable Configurations

cpe:2.3:a:httpie:httpie:*:*:*:*:*:*:*:*
cpe:2.3:a:httpie:httpie:*:*:*:*:*:*:*:*

CVSS

Base:	5.8 (as of 02-09-2019 - 18:15)
Impact:
Exploitability:

CWE

CWE-601

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	NONE

cvss-vector via4

AV:N/AC:M/Au:N/C:P/I:P/A:N

refmap via4

misc	https://github.com/jakubroztocil/httpie/releases/tag/1.0.3 https://snyk.io/vuln/SNYK-PYTHON-HTTPIE-460107
mlist	[debian-lts-announce] 20190928 [SECURITY] [DLA 1937-1] httpie security update
suse	openSUSE-SU-2019:2050 openSUSE-SU-2019:2089

Last major update

02-09-2019 - 18:15

Published

23-08-2019 - 17:15

Last modified

02-09-2019 - 18:15