Source: httpie
Version: 0.9.8-2
Severity: grave
Tags: security upstream
Justification: user security hole


The following vulnerability was published for httpie.

| All versions of the HTTPie package prior to version 1.0.3 are
| vulnerable to Open Redirect that allows an attacker to write an
| arbitrary file with supplied filename and content to the current
| directory, by redirecting a request from HTTP to a crafted URL
| pointing to a server in his or hers control.

The issue is demostrable via the poc in [1].

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:



Reply via email to