apk package
wolfi/httpie
pkg:apk/wolfi/httpie
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-45409 | Med | 5.3 | < 3.2.4-r10 | 3.2.4-r10 | Jun 5, 2026 | Internationalized Domain Names in Applications (IDNA) for Python provides support for Internationalized Domain Names in Applications (IDNA) and Unicode IDNA Compatibility Processing. In versions prior to 3.15, payloads such as `"\u0660" * N` or `"\u30fb" * N + "\u6f22"` utilize t | |
| CVE-2026-44432 | Hig | 7.5 | < 3.2.4-r10 | 3.2.4-r10 | May 13, 2026 | urllib3 is an HTTP client library for Python. From 2.6.0 to before 2.7.0, urllib3 could decompress the whole response instead of the requested portion (1) during the second HTTPResponse.read(amt=N) call when the response was decompressed using the official Brotli library or (2) w | |
| CVE-2026-44431 | Med | 5.3 | < 3.2.4-r10 | 3.2.4-r10 | May 13, 2026 | urllib3 is an HTTP client library for Python. From 1.23 to before 2.7.0, cross-origin redirects followed from the low-level API via ProxyManager.connection_from_url().urlopen(..., assert_same_host=False) still forward these sensitive headers. This vulnerability is fixed in 2.7.0. | |
| CVE-2023-48052 | — | < 3.2.3-r0 | 3.2.3-r0 | Nov 16, 2023 | Missing SSL certificate validation in HTTPie v3.2.2 allows attackers to eavesdrop on communications between the host and server via a man-in-the-middle attack. | ||
| CVE-2019-10751 | — | < 0 | 0 | Aug 23, 2019 | All versions of the HTTPie package prior to version 1.0.3 are vulnerable to Open Redirect that allows an attacker to write an arbitrary file with supplied filename and content to the current directory, by redirecting a request from HTTP to a crafted URL pointing to a server in hi |
- affected < 3.2.4-r10fixed 3.2.4-r10
Internationalized Domain Names in Applications (IDNA) for Python provides support for Internationalized Domain Names in Applications (IDNA) and Unicode IDNA Compatibility Processing. In versions prior to 3.15, payloads such as `"\u0660" * N` or `"\u30fb" * N + "\u6f22"` utilize t
- affected < 3.2.4-r10fixed 3.2.4-r10
urllib3 is an HTTP client library for Python. From 2.6.0 to before 2.7.0, urllib3 could decompress the whole response instead of the requested portion (1) during the second HTTPResponse.read(amt=N) call when the response was decompressed using the official Brotli library or (2) w
- affected < 3.2.4-r10fixed 3.2.4-r10
urllib3 is an HTTP client library for Python. From 1.23 to before 2.7.0, cross-origin redirects followed from the low-level API via ProxyManager.connection_from_url().urlopen(..., assert_same_host=False) still forward these sensitive headers. This vulnerability is fixed in 2.7.0.
- CVE-2023-48052Nov 16, 2023affected < 3.2.3-r0fixed 3.2.3-r0
Missing SSL certificate validation in HTTPie v3.2.2 allows attackers to eavesdrop on communications between the host and server via a man-in-the-middle attack.
- CVE-2019-10751Aug 23, 2019affected < 0fixed 0
All versions of the HTTPie package prior to version 1.0.3 are vulnerable to Open Redirect that allows an attacker to write an arbitrary file with supplied filename and content to the current directory, by redirecting a request from HTTP to a crafted URL pointing to a server in hi