Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

httpie: Open Redirect #1981

Closed
2 tasks done
KexyBiscuit opened this issue Aug 24, 2019 · 3 comments
Closed
2 tasks done

httpie: Open Redirect #1981

KexyBiscuit opened this issue Aug 24, 2019 · 3 comments
Labels
aosa-pending Pending AOSA (AOSC OS Security Advisory) assignment security Topic/issue involves a security issue/fixed upgrade Topic/issue involves a package upgrade

Comments

@KexyBiscuit
Copy link
Member

KexyBiscuit commented Aug 24, 2019
edited by MingcongBai
Loading

CVE IDs: CVE-2019-10751

Other security advisory IDs: SNYK-PYTHON-HTTPIE-460107, openSUSE-SU-2019:2050-1

Descriptions: All versions of the HTTPie package are vulnerable to Open Redirect that allows an attacker to write an arbitrary file with supplied filename and content to the current directory, by redirecting a request from HTTP to a crafted URL pointing to a server in his or hers control.

Patches: Changed the way the output filename is generated

PoC(s): SNYK-PYTHON-HTTPIE-460107

Architectural progress:

  • AMD64 amd64
  • AArch64 arm64
@KexyBiscuit KexyBiscuit added security Topic/issue involves a security issue/fixed to-stable labels Aug 24, 2019
@KexyBiscuit KexyBiscuit added this to the Summer 2019 milestone Aug 24, 2019
@KexyBiscuit KexyBiscuit mentioned this issue Sep 2, 2019
Closed
MingcongBai added a commit that referenced this issue Sep 2, 2019
@MingcongBai
httpie: update to 2.3.1; #1981
3b9fca3
@MingcongBai MingcongBai added to-testing upgrade Topic/issue involves a package upgrade and removed to-stable labels Apr 20, 2020
@MingcongBai
Copy link
Member

Fixed by updating to v2.3.1.

@MingcongBai
Copy link
Member

All done. @l2dy Please assign an AOSA.

@MingcongBai MingcongBai added the aosa-pending Pending AOSA (AOSC OS Security Advisory) assignment label Apr 28, 2020
@l2dy
Copy link
Member

l2dy commented Apr 30, 2020

Use AOSA-2020-0090.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
aosa-pending Pending AOSA (AOSC OS Security Advisory) assignment security Topic/issue involves a security issue/fixed upgrade Topic/issue involves a package upgrade
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@MingcongBai @KexyBiscuit @l2dy