All versions of the HTTPie package prior to version 1.0.3 are vulnerable to Open Redirect that allows an attacker to write an arbitrary file with supplied filename and content to the current directory, by redirecting a request from HTTP to a crafted URL pointing to a server in his or hers control.

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

  - All versions of the HTTPie package prior to version 1.0.3 are vulnerable to Open Redirect that allows an     attacker to write an arbitrary file with supplied filename and content to the current directory, by     redirecting a request from HTTP to a crafted URL pointing to a server in his or hers control.
    (CVE-2019-10751)

Note that Nessus relies on the presence of the package as reported by the vendor.

An open redirect, that allows an attacker to write an arbitrary file with supplied filename and content to the current directory, by redirecting a request from HTTP to a crafted URL pointing to a server in his or hers control, was found and reported in CVE-2019-10751. This was patched upstream and so when `--download` without `--output` results in a redirect, now only the initial URL is considered, not the final one.

For Debian 8 'Jessie', this problem has been fixed in version 0.8.0-1+deb8u1.

We recommend that you upgrade your httpie packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for httpie fixes the following issues :

httpie was updated to version 1.0.3 :

  - Fix CVE-2019-10751 (HTTPie is volnerable to Open     Redirect that allows an attacker to write an arbitrary     file with supplied filename and content to the current     directory, by redirecting a request from HTTP to a     crafted URL pointing to a server in his or hers control.
    (bsc#1148466)

ID	Name	Product	Family	Severity
256118	Linux Distros Unpatched Vulnerability : CVE-2019-10751	Nessus	Misc.	high
129411	Debian DLA-1937-1 : httpie security update	Nessus	Debian Local Security Checks	high
128459	openSUSE Security Update : httpie (openSUSE-2019-2050)	Nessus	SuSE Local Security Checks	high

Detections

Analytics

CVE-2019-10751

high

Tenable Plugins

high

high

high