Source: httpie
Version: 0.9.8-2
Severity: grave
Tags: security upstream
Justification: user security hole

Hi,

The following vulnerability was published for httpie.

CVE-2019-10751[0]:
| All versions of the HTTPie package prior to version 1.0.3 are
| vulnerable to Open Redirect that allows an attacker to write an
| arbitrary file with supplied filename and content to the current
| directory, by redirecting a request from HTTP to a crafted URL
| pointing to a server in his or hers control.

The issue is demonstrable via the PoC in [1].

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-10751
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10751
[1] https://snyk.io/vuln/SNYK-PYTHON-HTTPIE-460107

Regards,
Salvatore
