CVE-2019-10751

NameCVE-2019-10751
DescriptionAll versions of the HTTPie package prior to version 1.0.3 are vulnerable to Open Redirect that allows an attacker to write an arbitrary file with supplied filename and content to the current directory, by redirecting a request from HTTP to a crafted URL pointing to a server in his or hers control.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severitymedium (attack range: remote)
Debian Bugs940058

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
httpie (PTS)jessie0.8.0-1vulnerable
stretch0.9.8-1vulnerable
buster, bullseye, sid0.9.8-2vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
httpiesource(unstable)(unfixed)medium940058

Notes

[buster] - httpie <no-dsa> (Minor issue)
[stretch] - httpie <no-dsa> (Minor issue)
https://snyk.io/vuln/SNYK-PYTHON-HTTPIE-460107
https://github.com/jakubroztocil/httpie/commit/df36d6255df5793129b02ac82f1010171bd8a0a8

Search for package or bug name: Reporting problems