Glyph

#18936 of 53,624
14.2 Total CVSS
Vulnerabilities · 2
Medium: 1
High: 1
PT-2022-16839
6.9
2022-03-07
Httpie · Httpie · CVE-2022-24737
**Name of the Vulnerable Software and Affected Versions**
HTTPie versions prior to 3.1.0

**Description**
HTTPie is a command-line HTTP client that stores some of the state that belongs to the outgoing requests and incoming responses on the disk for further usage through its concept of sessions. Before version 3.1.0, HTTPie did not distinguish between cookies and the hosts they belonged to. This behavior resulted in the exposure of some cookies when there are redirects originating from the actual host to a third-party website.

**Recommendations**
For versions prior to 3.1.0, users are advised to upgrade to version 3.1.0 or later to resolve the issue. There are no known workarounds for this problem.

PT-2013-3287
7.3
2013-08-06
Python · Pip · CVE-2013-1629
**Name of the Vulnerable Software and Affected Versions**
pip versions prior to 1.3

**Description**
The issue allows man-in-the-middle attackers to execute arbitrary code via a crafted response to a "pip install" operation, as pip retrieves packages from the PyPI repository using HTTP and does not perform integrity checks on package contents.

**Recommendations**
For pip versions prior to 1.3, consider updating to version 1.3 or later to resolve the issue. As a temporary workaround, restrict the use of pip to trusted networks to minimize the risk of man-in-the-middle attacks.