CVE-2023-48052 — Improper Certificate Validation in Httpie

CWE-295 — Improper Certificate Validation CWE-599 — Missing Validation of OpenSSL Certificate5 documents4 sources

Severity

7.4HIGHNVD

EPSS

0.1%

top 70.03%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Httpie Debian Httpie

Timeline

PublishedNov 16

Description

Missing SSL certificate validation in HTTPie v3.2.2 allows attackers to eavesdrop on communications between the host and server via a man-in-the-middle attack.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:NExploitability: 2.2 | Impact: 5.2

Affected Packages3 packages

▶PyPIhttpie/httpie< 3.2.3

▶NVDhttpie/httpie3.2.2

▶debiandebian/httpie

🔴Vulnerability Details

OSV

CVE-2023-48052: Missing SSL certificate validation in HTTPie v3↗2023-11-16

▶

OSV

HTTPie allows attackers to eavesdrop on communications between the host and server via a man-in-the-middle attack↗2023-11-16

▶

GHSA

HTTPie allows attackers to eavesdrop on communications between the host and server via a man-in-the-middle attack↗2023-11-16

▶

📋Vendor Advisories

Debian

CVE-2023-48052: httpie - Missing SSL certificate validation in HTTPie v3.2.2 allows attackers to eavesdro...↗2023

▶