VYPR

apk package

chainguard/httpie

pkg:apk/chainguard/httpie

Vulnerabilities (5)

  • CVE-2026-45409MedJun 5, 2026
    affected < 3.2.4-r10fixed 3.2.4-r10

    Internationalized Domain Names in Applications (IDNA) for Python provides support for Internationalized Domain Names in Applications (IDNA) and Unicode IDNA Compatibility Processing. In versions prior to 3.15, payloads such as `"\u0660" * N` or `"\u30fb" * N + "\u6f22"` utilize t

  • CVE-2026-44432HigMay 13, 2026
    affected < 3.2.4-r10fixed 3.2.4-r10

    urllib3 is an HTTP client library for Python. From 2.6.0 to before 2.7.0, urllib3 could decompress the whole response instead of the requested portion (1) during the second HTTPResponse.read(amt=N) call when the response was decompressed using the official Brotli library or (2) w

  • CVE-2026-44431MedMay 13, 2026
    affected < 3.2.4-r10fixed 3.2.4-r10

    urllib3 is an HTTP client library for Python. From 1.23 to before 2.7.0, cross-origin redirects followed from the low-level API via ProxyManager.connection_from_url().urlopen(..., assert_same_host=False) still forward these sensitive headers. This vulnerability is fixed in 2.7.0.

  • CVE-2023-48052Nov 16, 2023
    affected < 3.2.3-r0fixed 3.2.3-r0

    Missing SSL certificate validation in HTTPie v3.2.2 allows attackers to eavesdrop on communications between the host and server via a man-in-the-middle attack.

  • CVE-2019-10751Aug 23, 2019
    affected < 0fixed 0

    All versions of the HTTPie package prior to version 1.0.3 are vulnerable to Open Redirect that allows an attacker to write an arbitrary file with supplied filename and content to the current directory, by redirecting a request from HTTP to a crafted URL pointing to a server in hi