VDB
CVE-2019-10751
CVE-2019-10751
PUBLISHED
All versions of the HTTPie package prior to version 1.0.3 are vulnerable to Open Redirect that allows an attacker to write an arbitrary file with supplied filename and content to the current directory, by redirecting a request from HTTP to a crafted URL pointing to a server in his or hers control.
EPSS 0.49% · 66.0th percentile
Risk Scores
EPSS Score
0.49%
66.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:Pro:14.04:LTS | httpie | 0.3.1-1, 0, 0.8.0-1 |
| Ubuntu:18.04:LTS | httpie | 0, 0.9.8-2 |
| Ubuntu:16.04:LTS | httpie | 0.9.2-0.1, 0.9.2-1, 0 |
Timeline
- Aug 23, 2019 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 22, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 27, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Nov 5, 2022 EPSS Score
References
- https://ubuntu.com/security/CVE-2019-10751 third-party-advisory
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00003.html third-party-advisory
- https://github.com/jakubroztocil/httpie/releases/tag/1.0.3 third-party-advisory
- https://snyk.io/vuln/SNYK-PYTHON-HTTPIE-460107 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2019-10751 third-party-advisory