CVE-2019-10751
httpie - security update
8.8
HIGH
CVSS 3.1
EPSS 0.48%
Description
All versions of the HTTPie package prior to version 1.0.3 are vulnerable to Open Redirect that allows an attacker to write an arbitrary file with supplied filename and content to the current directory, by redirecting a request from HTTP to a crafted URL pointing to a server in his or hers control.
How to fix CVE-2019-10751
To remediate CVE-2019-10751, upgrade the affected package to a fixed version below.
- —upgrade to 1.0.3-1 or later
- —upgrade to 0.8.0-1+deb8u1 or later
- —upgrade to 1.0.3 or later
- —upgrade to 1.0.3 or later
Is CVE-2019-10751 being exploited?
Low — EPSS is 0.5%, meaning exploitation activity has not been observed at scale.
Affected packages (4)
- from 0, < 1.0.3-1
- from 0, < 0.8.0-1+deb8u1
- from 0, < 1.0.3
- from 0, < 1.0.3
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
| osv | CVSS 3.1 | HIGH8.8 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |