Vulnerability Description
All versions of the HTTPie package prior to version 1.0.3 are vulnerable to Open Redirect that allows an attacker to write an arbitrary file with supplied filename and content to the current directory, by redirecting a request from HTTP to a crafted URL pointing to a server in his or hers control.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Httpie | Httpie | All versions |
Related Weaknesses (CWE)
References
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00003.html
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00022.html
- https://github.com/jakubroztocil/httpie/releases/tag/1.0.3Release NotesThird Party Advisory
- https://lists.debian.org/debian-lts-announce/2019/09/msg00031.html
- https://snyk.io/vuln/SNYK-PYTHON-HTTPIE-460107ExploitThird Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00003.html
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00022.html
- https://github.com/jakubroztocil/httpie/releases/tag/1.0.3Release NotesThird Party Advisory
- https://lists.debian.org/debian-lts-announce/2019/09/msg00031.html
- https://snyk.io/vuln/SNYK-PYTHON-HTTPIE-460107ExploitThird Party Advisory
FAQ
What is CVE-2019-10751?
CVE-2019-10751 is a vulnerability with a CVSS score of 8.8 (HIGH). All versions of the HTTPie package prior to version 1.0.3 are vulnerable to Open Redirect that allows an attacker to write an arbitrary file with supplied filename and content to the current directory...
How severe is CVE-2019-10751?
CVE-2019-10751 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-10751?
Check the references section above for vendor advisories and patch information. Affected products include: Httpie Httpie.