{"url":"http://public2.vulnerablecode.io/api/packages/26841?format=json","purl":"pkg:pypi/httpie@3.0.2","type":"pypi","namespace":"","name":"httpie","version":"3.0.2","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"3.1.0","latest_non_vulnerable_version":"3.2.3","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36049?format=json","vulnerability_id":"VCID-2zwf-1hng-1qhv","summary":"HTTPie is a command-line HTTP client. HTTPie has the practical concept of sessions, which help users to persistently store some of the state that belongs to the outgoing requests and incoming responses on the disk for further usage. Before 3.1.0, HTTPie didn't distinguish between cookies and the hosts they belonged to. This behavior resulted in the exposure of some cookies when there are redirects originating from the actual host to a third party website. Users are advised to upgrade. There are no known workarounds.","references":[{"reference_url":"https://github.com/httpie/httpie","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/httpie/httpie"},{"reference_url":"https://github.com/httpie/httpie/commit/65ab7d5caaaf2f95e61f9dd65441801c2ddee38b","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/httpie/httpie/commit/65ab7d5caaaf2f95e61f9dd65441801c2ddee38b"},{"reference_url":"https://github.com/httpie/httpie/releases/tag/3.1.0","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/httpie/httpie/releases/tag/3.1.0"},{"reference_url":"https://github.com/httpie/httpie/security/advisories/GHSA-9w4w-cpc8-h2fq","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/httpie/httpie/security/advisories/GHSA-9w4w-cpc8-h2fq"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/httpie/PYSEC-2022-34.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/ht
tpie/PYSEC-2022-34.yaml"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4QZD2AZOL7XLNZVAV6GDNXYU6MFRU5RS","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4QZD2AZOL7XLNZVAV6GDNXYU6MFRU5RS"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R5VYSYKEKVZEVEBIWAADGDXG4Y3EWCQ3","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R5VYSYKEKVZEVEBIWAADGDXG4Y3EWCQ3"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXFCHGTW3V32GD6GXXJZE5QAOSDT3RTY","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXFCHGTW3V32GD6GXXJZE5QAOSDT3RTY"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24737","reference_id":"CVE-2022-24737","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24737"},{"reference_url":"https://github.com/advisories/GHSA-9w4w-cpc8-h2fq","reference_id":"GHSA-9w4w-cpc8-h2fq","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-9w4w-cpc8-h2fq"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/26842?format=json","purl":"pkg:pypi/httpie@3.1.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/httpie@3.1.0"}],"aliases":["CVE-2022-24737","GHSA-9w4w-cpc8-h2fq","PYSEC-2022-34"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2zwf-1hng-1qhv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36058?format=json","vulnerability_id":"VCID-gh
63-eg4m-bbcr","summary":"Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository httpie/httpie prior to 3.1.0.","references":[{"reference_url":"https://github.com/advisories/GHSA-6pc9-xqrg-wfqw","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-6pc9-xqrg-wfqw"},{"reference_url":"https://github.com/httpie/httpie","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/httpie/httpie"},{"reference_url":"https://github.com/httpie/httpie/commit/65ab7d5caaaf2f95e61f9dd65441801c2ddee38b","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/httpie/httpie/commit/65ab7d5caaaf2f95e61f9dd65441801c2ddee38b"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/httpie/PYSEC-2022-167.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/httpie/PYSEC-2022-167.yaml"},{"reference_url":"https://huntr.dev/bounties/dafb2e4f-c6b6-4768-8ef5-b396cd6a801f","reference_id":"","reference_type":"","scores":[],"url":"https://huntr.dev/bounties/dafb2e4f-c6b6-4768-8ef5-b396cd6a801f"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0430","reference_id":"CVE-2022-0430","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0430"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/26842?format=json","purl":"pkg:pypi/httpie@3.1.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/httpie@3.1.0"}],"aliases":["CVE-2022-0430","GHSA-6pc9-xqrg-wfqw","PYSEC-2022-167"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gh63-eg4m-bbcr"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/httpie@3.0.2"}