VulnerableCode Package Details - pkg:pypi/httpie@0.9.1

Search for packages

Vulnerability	Summary	Fixed by
VCID-21mn-an3r-9kc5 Aliases: CVE-2019-10751 GHSA-xjjg-vmw6-c2p9 PYSEC-2019-23 SNYK-PYTHON-HTTPIE-460107	All versions of the HTTPie package prior to version 1.0.3 are vulnerable to Open Redirect that allows an attacker to write an arbitrary file with supplied filename and content to the current directory, by redirecting a request from HTTP to a crafted URL pointing to a server in his or hers control.	1.0.3 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-2zwf-1hng-1qhv Aliases: CVE-2022-24737 GHSA-9w4w-cpc8-h2fq PYSEC-2022-34	HTTPie is a command-line HTTP client. HTTPie has the practical concept of sessions, which help users to persistently store some of the state that belongs to the outgoing requests and incoming responses on the disk for further usage. Before 3.1.0, HTTPie didnâ€˜t distinguish between cookies and hosts they belonged. This behavior resulted in the exposure of some cookies when there are redirects originating from the actual host to a third party website. Users are advised to upgrade. There are no known workarounds.	3.1.0 Affected by 0 other vulnerabilities.
VCID-gh63-eg4m-bbcr Aliases: CVE-2022-0430 GHSA-6pc9-xqrg-wfqw PYSEC-2022-167	Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository httpie/httpie prior to 3.1.0.	3.1.0 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-21mn-an3r-9kc5
Aliases:
CVE-2019-10751
GHSA-xjjg-vmw6-c2p9
PYSEC-2019-23
SNYK-PYTHON-HTTPIE-460107

All versions of the HTTPie package prior to version 1.0.3 are vulnerable to Open Redirect that allows an attacker to write an arbitrary file with supplied filename and content to the current directory, by redirecting a request from HTTP to a crafted URL pointing to a server in his or hers control.

1.0.3
Affected by 2 other vulnerabilities.

VCID-2zwf-1hng-1qhv
Aliases:
CVE-2022-24737
GHSA-9w4w-cpc8-h2fq
PYSEC-2022-34

HTTPie is a command-line HTTP client. HTTPie has the practical concept of sessions, which help users to persistently store some of the state that belongs to the outgoing requests and incoming responses on the disk for further usage. Before 3.1.0, HTTPie didnâ€˜t distinguish between cookies and hosts they belonged. This behavior resulted in the exposure of some cookies when there are redirects originating from the actual host to a third party website. Users are advised to upgrade. There are no known workarounds.

3.1.0
Affected by 0 other vulnerabilities.

VCID-gh63-eg4m-bbcr
Aliases:
CVE-2022-0430
GHSA-6pc9-xqrg-wfqw
PYSEC-2022-167

Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository httpie/httpie prior to 3.1.0.

3.1.0
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-02T04:17:09.141811+00:00	Pypa Importer	Affected by	VCID-gh63-eg4m-bbcr	https://github.com/pypa/advisory-database/blob/main/vulns/httpie/PYSEC-2022-167.yaml	38.6.0
2026-06-02T04:17:07.075602+00:00	Pypa Importer	Affected by	VCID-2zwf-1hng-1qhv	https://github.com/pypa/advisory-database/blob/main/vulns/httpie/PYSEC-2022-34.yaml	38.6.0
2026-06-02T04:05:50.356223+00:00	Pypa Importer	Affected by	VCID-21mn-an3r-9kc5	https://github.com/pypa/advisory-database/blob/main/vulns/httpie/PYSEC-2019-23.yaml	38.6.0