CVE-2019-10751

Sažetak

All versions of the HTTPie package prior to version 1.0.3 are vulnerable to Open Redirect that allows an attacker to write an arbitrary file with supplied filename and content to the current directory, by redirecting a request from HTTP to a crafted URL pointing to a server in his or hers control.

Reference

http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00003.html
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00022.html
https://github.com/jakubroztocil/httpie/releases/tag/1.0.3
https://lists.debian.org/debian-lts-announce/2019/09/msg00031.html
https://snyk.io/vuln/SNYK-PYTHON-HTTPIE-460107

CVSS

Base:	5.8
Impact:	4.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	NONE

CVSS vektor

AV:N/AC:M/Au:N/C:P/I:P/A:N

Zadnje važnije ažuriranje

02-09-2019 - 18:15

Objavljeno

23-08-2019 - 17:15