ByteOS Network

NVD Vulnerability Details :

CVE-2019-10751

Modified

Source-report@snyk.io

Published At-23 Aug, 2019 | 17:15

Updated At-02 Sep, 2019 | 18:15

All versions of the HTTPie package prior to version 1.0.3 are vulnerable to Open Redirect that allows an attacker to write an arbitrary file with supplied filename and content to the current directory, by redirecting a request from HTTP to a crafted URL pointing to a server in his or hers control.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.0	8.8	HIGH	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary	2.0	5.8	MEDIUM	AV:N/AC:M/Au:N/C:P/I:P/A:N

Type: Primary

Version: 3.0

Base score: 8.8

Base severity: HIGH

Vector:

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Type: Primary

Version: 2.0

Base score: 5.8

Base severity: MEDIUM

Vector:

AV:N/AC:M/Au:N/C:P/I:P/A:N

CPE Matches

httpie>>httpie>>*

cpe:2.3:a:httpie:httpie:*:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-601	Primary	nvd@nist.gov

CWE ID: CWE-601

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00003.html	report@snyk.io	N/A
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00022.html	report@snyk.io	N/A
https://github.com/jakubroztocil/httpie/releases/tag/1.0.3	report@snyk.io	Release Notes Third Party Advisory
https://lists.debian.org/debian-lts-announce/2019/09/msg00031.html	report@snyk.io	N/A
https://snyk.io/vuln/SNYK-PYTHON-HTTPIE-460107	report@snyk.io	Exploit Third Party Advisory