GHSA-8r96-8889-qg2x

Опубликовано: 16 нояб. 2023

Источник: github

Github: Прошло ревью

CVSS3: 7.4

Описание

HTTPie allows attackers to eavesdrop on communications between the host and server via a man-in-the-middle attack

Missing SSL certificate validation in HTTPie v3.2.2 allows attackers to eavesdrop on communications between the host and server via a man-in-the-middle attack.

Ссылки

Пакеты

Наименование

httpie

pip

Затронутые версииВерсия исправления

<= 3.2.2

3.2.3

EPSS

Процентиль: 32%

0.00122

Низкий

7.4 High

CVSS3

CVE ID

CVE-2023-48052

Дефекты

CWE-295

CWE-599

Связанные уязвимости

CVE-2023-48052

CVSS3: 7.4

ubuntu

около 2 лет назад

Missing SSL certificate validation in HTTPie v3.2.2 allows attackers to eavesdrop on communications between the host and server via a man-in-the-middle attack.

CVE-2023-48052

CVSS3: 7.4

nvd

около 2 лет назад

Missing SSL certificate validation in HTTPie v3.2.2 allows attackers to eavesdrop on communications between the host and server via a man-in-the-middle attack.

CVE-2023-48052

CVSS3: 7.4

debian

около 2 лет назад

Missing SSL certificate validation in HTTPie v3.2.2 allows attackers t ...

EPSS

Процентиль: 32%

0.00122

Низкий

7.4 High

CVSS3

CVE ID

CVE-2023-48052

Дефекты

CWE-295

CWE-599