CVE-2019-10751

Опубликовано: 23 авг. 2019

Источник: nvd

CVSS3: 8.8

CVSS2: 5.8

EPSS Низкий

Описание

All versions of the HTTPie package prior to version 1.0.3 are vulnerable to Open Redirect that allows an attacker to write an arbitrary file with supplied filename and content to the current directory, by redirecting a request from HTTP to a crafted URL pointing to a server in his or hers control.

Ссылки

http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00003.html
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00022.html
https://github.com/jakubroztocil/httpie/releases/tag/1.0.3
Release Notes
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2019/09/msg00031.html
https://snyk.io/vuln/SNYK-PYTHON-HTTPIE-460107
Exploit
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00003.html
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00022.html
https://github.com/jakubroztocil/httpie/releases/tag/1.0.3
Release Notes
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2019/09/msg00031.html
https://snyk.io/vuln/SNYK-PYTHON-HTTPIE-460107
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:httpie:httpie:*:*:*:*:*:*:*:*

EPSS

Процентиль: 65%

0.00492

Низкий

8.8 High

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-601

Связанные уязвимости

CVE-2019-10751

CVSS3: 8.8

ubuntu

больше 6 лет назад

CVE-2019-10751

CVSS3: 8.8

debian

больше 6 лет назад

All versions of the HTTPie package prior to version 1.0.3 are vulnerab ...

openSUSE-SU-2019:2050-1

suse-cvrf

больше 6 лет назад

Security update for httpie

GHSA-xjjg-vmw6-c2p9

CVSS3: 8.8

github

больше 6 лет назад

Open Redirect in httpie

EPSS

Процентиль: 65%

0.00492

Низкий

8.8 High

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-601