CVE-2022-0430: Exposure of Sensitive information in httpie
(updated )
httpie is a modern, user-friendly command-line HTTP client for the API era. Prior to version 3.1.0, all cookies saved to session storage are supercookies. At this time, there is no known workaround. Users are recommended to update to version 3.1.0.
References
- github.com/advisories/GHSA-6pc9-xqrg-wfqw
- github.com/httpie/httpie
- github.com/httpie/httpie/commit/65ab7d5caaaf2f95e61f9dd65441801c2ddee38b
- github.com/pypa/advisory-database/tree/main/vulns/httpie/PYSEC-2022-167.yaml
- huntr.dev/bounties/dafb2e4f-c6b6-4768-8ef5-b396cd6a801f
- nvd.nist.gov/vuln/detail/CVE-2022-0430
Detect and mitigate CVE-2022-0430 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →