FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-29 06:51:43 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
1e37fa3e-5988-4991-808f-eae98047e2af	py-httpie -- exposure of sensitive information vulnerabilities Glyph reports: HTTPie is a command-line HTTP client. HTTPie has the practical concept of sessions, which help users to persistently store some of the state that belongs to the outgoing requests and incoming responses on the disk for further usage. Before 3.1.0, HTTPie didn't distinguish between cookies and hosts they belonged. This behavior resulted in the exposure of some cookies when there are redirects originating from the actual host to a third party website. Users are advised to upgrade. There are no known workarounds. Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository httpie/httpie prior to 3.1.0. Discovery 2022-03-07 Entry 2023-08-31 py37-httpie py38-httpie py39-httpie py310-httpie py311-httpie < 3.1.0 CVE-2022-24737 https://osv.dev/vulnerability/PYSEC-2022-34 https://osv.dev/vulnerability/GHSA-9w4w-cpc8-h2fq CVE-2022-0430 https://osv.dev/vulnerability/PYSEC-2022-167 https://osv.dev/vulnerability/GHSA-6pc9-xqrg-wfqw

VuXML ID

Description

1e37fa3e-5988-4991-808f-eae98047e2af

py-httpie -- exposure of sensitive information vulnerabilities

Glyph reports:

HTTPie is a command-line HTTP client.

HTTPie has the practical concept of sessions, which help users to persistently store some of the state that belongs to the outgoing requests and incoming responses on the disk for further usage.

Before 3.1.0, HTTPie didn't distinguish between cookies and hosts they belonged.

This behavior resulted in the exposure of some cookies when there are redirects originating from the actual host to a third party website.

Users are advised to upgrade.

There are no known workarounds.

Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository httpie/httpie prior to 3.1.0.

Discovery 2022-03-07
Entry 2023-08-31
py37-httpie
py38-httpie
py39-httpie
py310-httpie
py311-httpie

< 3.1.0

CVE-2022-24737
https://osv.dev/vulnerability/PYSEC-2022-34
https://osv.dev/vulnerability/GHSA-9w4w-cpc8-h2fq
CVE-2022-0430
https://osv.dev/vulnerability/PYSEC-2022-167
https://osv.dev/vulnerability/GHSA-6pc9-xqrg-wfqw