CVE-2022-24737Sensitive Information Exposure in Httpie

CWE-200Sensitive Information Exposure6 documents4 sources
Severity
6.5MEDIUMNVD
EPSS
0.6%
top 30.45%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
HttpieDebian HttpieFedoraproject Fedora
Timeline
PublishedMar 7

Description

HTTPie is a command-line HTTP client. HTTPie has the practical concept of sessions, which help users to persistently store some of the state that belongs to the outgoing requests and incoming responses on the disk for further usage. Before 3.1.0, HTTPie didn‘t distinguish between cookies and hosts they belonged. This behavior resulted in the exposure of some cookies when there are redirects originating from the actual host to a third party website. Users are advised to upgrade. There are no know

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages4 packages

NVDhttpie/httpie< 3.1.0
PyPIhttpie/httpie< 3.1.0+1
debiandebian/httpie< httpie 3.2.1-1 (bookworm)
Debianhttpie/httpie< 3.2.1-1+2

Also affects: Fedora 34, 35, 36

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

4
GHSA
Exposure of Sensitive Information to an Unauthorized Actor in httpie2022-03-07
OSV
CVE-2022-24737: HTTPie is a command-line HTTP client2022-03-07
OSV
Exposure of Sensitive Information to an Unauthorized Actor in httpie2022-03-07
OSV
CVE-2022-24737: HTTPie is a command-line HTTP client2022-03-07

📋Vendor Advisories

1
Debian
CVE-2022-24737: httpie - HTTPie is a command-line HTTP client. HTTPie has the practical concept of sessio...2022
CVE-2022-24737 — Sensitive Information Exposure | cvebase