Опубликовано: 16 мар. 2022
Источник: github
Github: Прошло ревью
CVSS4: 4.8
CVSS3: 2.4
Описание
Exposure of Sensitive information in httpie
httpie is a modern, user-friendly command-line HTTP client for the API era. Prior to version 3.1.0, all cookies saved to session storage are supercookies. At this time, there is no known workaround. Users are recommended to update to version 3.1.0.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2022-0430
- https://github.com/httpie/httpie/commit/65ab7d5caaaf2f95e61f9dd65441801c2ddee38b
- https://github.com/advisories/GHSA-6pc9-xqrg-wfqw
- https://github.com/pypa/advisory-database/tree/main/vulns/httpie/PYSEC-2022-167.yaml
- https://huntr.dev/bounties/dafb2e4f-c6b6-4768-8ef5-b396cd6a801f
Пакеты
Наименование
httpie
pip
Затронутые версииВерсия исправления
< 3.1.0
3.1.0
Связанные уязвимости
CVSS3: 5.3
ubuntu
почти 4 года назад
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository httpie/httpie prior to 3.1.0.
CVSS3: 5.3
nvd
почти 4 года назад
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository httpie/httpie prior to 3.1.0.
CVSS3: 5.3
debian
почти 4 года назад
Exposure of Sensitive Information to an Unauthorized Actor in GitHub r ...