漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Exposure of Sensitive Information to an Unauthorized Actor in httpie
Vulnerability Description
HTTPie is a command-line HTTP client. HTTPie has the practical concept of sessions, which help users to persistently store some of the state that belongs to the outgoing requests and incoming responses on the disk for further usage. Before 3.1.0, HTTPie didn‘t distinguish between cookies and hosts they belonged. This behavior resulted in the exposure of some cookies when there are redirects originating from the actual host to a third party website. Users are advised to upgrade. There are no known workarounds.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Vulnerability Type
信息暴露
Vulnerability Title
HTTPie 信息泄露漏洞
Vulnerability Description
HTTPie是一款命令行HTTP客户端。 HTTPie 中存在信息泄露漏洞,该漏洞源于产品的didna不能区分不能辨别Cookie所属的主机。攻击者可通过该漏洞导致cookie泄露。以下产品及版本受到影响:Httpie 3.1.0 之前版本。
CVSS Information
N/A
Vulnerability Type
N/A