CVE-2022-24737 - Medium Severity Vulnerability
Vulnerable Library - httpie-0.2.0.tar.gz
HTTPie - a CLI, cURL-like tool for humans.
Library home page: https://files.pythonhosted.org/packages/37/ad/b2ce98d7db29eb071deea837f5fe8e382e81f27fb81fc77862a1d5f3fbac/httpie-0.2.0.tar.gz
Path to dependency file: /folder2/requirements.txt
Path to vulnerable library: /folder2/requirements.txt
Dependency Hierarchy:
Found in HEAD commit: 791b04c3cb959033a8316d3a840e94c302f01243
Found in base branch: master
Vulnerability Details
HTTPie is a command-line HTTP client. HTTPie has the practical concept of sessions, which help users to persistently store some of the state that belongs to the outgoing requests and incoming responses on the disk for further usage. Before 3.1.0, HTTPie didn't distinguish between cookies and the hosts they belonged to. This behavior resulted in the exposure of some cookies when there are redirects originating from the actual host to a third-party website. Users are advised to upgrade. There are no known workarounds.
Publish Date: 2022-03-07
URL: CVE-2022-24737
CVSS 3 Score Details (6.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: GHSA-9w4w-cpc8-h2fq
Release Date: 2022-03-07
Fix Resolution: httpie - 3.1.0
⛑️ Automatic Remediation is available for this issue