High severityNVD Advisory· Published Nov 16, 2023· Updated Aug 14, 2024
CVE-2023-48052
CVE-2023-48052
Description
Missing SSL certificate validation in HTTPie v3.2.2 allows attackers to eavesdrop on communications between the host and server via a man-in-the-middle attack.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
httpiePyPI | < 3.2.3 | 3.2.3 |
Affected products
6- HTTPie/HTTPiedescription
- osv-coords5 versionspkg:apk/chainguard/httpiepkg:apk/chainguard/httpie-docpkg:apk/wolfi/httpiepkg:apk/wolfi/httpie-docpkg:pypi/httpie
< 3.2.3-r0+ 4 more
- (no CPE)range: < 3.2.3-r0
- (no CPE)range: < 3.2.3-r0
- (no CPE)range: < 3.2.3-r0
- (no CPE)range: < 3.2.3-r0
- (no CPE)range: < 3.2.3
Patches
Vulnerability mechanics
References
8- github.com/advisories/GHSA-8r96-8889-qg2xghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2023-48052ghsaADVISORY
- github.com/httpie/cli/blob/master/httpie/client.pyghsaWEB
- github.com/httpie/cli/blob/master/httpie/internal/update_warnings.pyghsaWEB
- github.com/httpie/cli/commit/7f03c52d2237440c5a672296ce6955aae4ed4f09ghsaWEB
- github.com/httpie/cli/issues/1549ghsaWEB
- github.com/pypa/advisory-database/tree/main/vulns/httpie/PYSEC-2023-242.yamlghsaWEB
- gxx777.github.io/HTTPie_3.2.2_Cryptographic_API_Misuse_Vulnerability.mdghsaWEB
News mentions
0No linked articles in our index yet.