Missing SSL certificate validation in HTTPie v3.2.2 allows attackers to eavesdrop on communications between the host and server via a man-in-the-middle attack.
httpie is a modern, user-friendly command-line HTTP client for the API era. Prior to version 3.1.0, all cookies saved to session storage are supercookies. At this time, there is no known workaround. Users are recommended to update to version 3.1.0.
HTTPie have the practical concept of sessions, which help users to persistently store some of the state that belongs to the outgoing requests and incoming responses on the disk for further usage. As an example, we can make an authenticated request and save it to a named session called api: $ http –session api -a user:pass pie.dev/basic-auth/user/pass { "authenticated": true, "user": "user" } Since we have now saved the authentication …
All versions of the HTTPie package prior to version 1.0.3 are vulnerable to Open Redirect that allows an attacker to write an arbitrary file with supplied filename and content to the current directory, by redirecting a request from HTTP to a crafted URL pointing to a server in his or hers control.