CVE-2019-10751

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2019-10751
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-10751.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2019-10751
Aliases
Related
Published
2019-08-23T17:15:13Z
Modified
2024-09-11T06:12:57.134020Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

All versions of the HTTPie package prior to version 1.0.3 are vulnerable to Open Redirect that allows an attacker to write an arbitrary file with supplied filename and content to the current directory, by redirecting a request from HTTP to a crafted URL pointing to a server in his or hers control.

References

Affected packages

Debian:11 / httpie

Package

Name
httpie
Purl
pkg:deb/debian/httpie?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.0.3-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:12 / httpie

Package

Name
httpie
Purl
pkg:deb/debian/httpie?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.0.3-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:13 / httpie

Package

Name
httpie
Purl
pkg:deb/debian/httpie?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.0.3-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}