CVE-2019-10751
HIGHhttpie < 1.0.3 - Open Redirect and Arbitrary File Write via HTTP to Crafted URL
Title source: llmDescription
All versions of the HTTPie package prior to version 1.0.3 are vulnerable to Open Redirect that allows an attacker to write an arbitrary file with supplied filename and content to the current directory, by redirecting a request from HTTP to a crafted URL pointing to a server in his or hers control.
References (5)
Core 5
Core References
Exploit, Third Party Advisory x_refsource_misc
https://snyk.io/vuln/SNYK-PYTHON-HTTPIE-460107
Release Notes, Third Party Advisory x_refsource_misc
https://github.com/jakubroztocil/httpie/releases/tag/1.0.3
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00003.html
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00022.html
Mailing List mailing-list
x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2019/09/msg00031.html
Scores
CVSS v3
8.8
EPSS
0.0203
EPSS Percentile
78.5%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-601
Status
published
Products (2)
httpie/httpie
pypi/httpie
0 - 1.0.3PyPI
Published
Aug 23, 2019
Tracked Since
Feb 18, 2026