CVE-2019-10751 — Open Redirect in Httpie

CWE-601 — Open Redirect8 documents5 sources

Severity

8.8HIGHNVD

EPSS

0.5%

top 34.32%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Httpie Debian Httpie

Timeline

PublishedAug 23

Latest updateSep 11

Description

All versions of the HTTPie package prior to version 1.0.3 are vulnerable to Open Redirect that allows an attacker to write an arbitrary file with supplied filename and content to the current directory, by redirecting a request from HTTP to a crafted URL pointing to a server in his or hers control.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

▶PyPIhttpie/httpie< 1.0.3

▶debiandebian/httpie< httpie 1.0.3-1 (bookworm)

▶Debianhttpie/httpie< 1.0.3-1+3

🔴Vulnerability Details

GHSA

Open Redirect in httpie↗2019-08-27

▶

OSV

Open Redirect in httpie↗2019-08-27

▶

OSV

CVE-2019-10751: All versions of the HTTPie package prior to version 1↗2019-08-23

▶

📋Vendor Advisories

Debian

CVE-2019-10751: httpie - All versions of the HTTPie package prior to version 1.0.3 are vulnerable to Open...↗2019

▶

💬Community

Bugzilla

CVE-2019-10751 httpie: url redirection vulnerability allows attacker to write arbitrary file [fedora-all]↗2019-09-11

▶

Bugzilla

CVE-2019-10751 httpie: url redirection vulnerability allows attacker to write arbitrary file↗2019-09-11

▶

Bugzilla

CVE-2019-10751 httpie: url redirection vulnerability allows attacker to write arbitrary file [epel-7]↗2019-09-11

▶