PT-2022-16839 · Httpie+2

Glyph · Published 2022-03-07 · Updated 2025-04-23 · CVE-2022-24737

CVSS v4.0: 6.9 (Medium)

Vector: AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

HTTPie versions prior to 3.1.0

Description

HTTPie is a command-line HTTP client that stores some of the state that belongs to the outgoing requests and incoming responses on the disk for further usage through its concept of sessions. Before version 3.1.0, HTTPie did not distinguish between cookies and the hosts they belonged to. This behavior resulted in the exposure of some cookies when there are redirects originating from the actual host to a third-party website.

Recommendations

For versions prior to 3.1.0, users are advised to upgrade to version 3.1.0 or later to resolve the issue. There are no known workarounds for this problem.
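
The following is an added example, not HTTPie's own code: a minimal Python model of the cookie-scoping flaw described above, showing a session store that keys cookies by name only next to one that binds each cookie to the host that set it. The class names, host names and cookie value are constructed for illustration, and the domain matching is a simplified form of the usual cookie domain rule.

```python
from urllib.parse import urlsplit

# Constructed sample data: placeholder hosts and cookie value.
ORIGIN = "https://app.example/login"
THIRD_PARTY = "https://tracker.example/landing"

class FlatSession:
    """Flawed model: cookies are stored by name, the setting host is discarded."""
    def __init__(self):
        self.cookies = {}

    def store(self, url, name, value, domain=None):
        self.cookies[name] = value

    def cookies_for(self, url):
        return dict(self.cookies)  # every stored cookie is sent to every host

class HostScopedSession:
    """Corrected model: every cookie carries the domain it belongs to."""
    def __init__(self):
        self.cookies = {}  # (domain, name) -> value

    def store(self, url, name, value, domain=None):
        host = urlsplit(url).hostname
        # Accept a Domain attribute only if the setting host falls under it.
        if domain and (host == domain or host.endswith("." + domain)):
            host = domain
        self.cookies[(host, name)] = value

    def cookies_for(self, url):
        host = urlsplit(url).hostname
        return {n: v for (d, n), v in self.cookies.items()
                if host == d or host.endswith("." + d)}

def follow_redirect(session):
    """The origin sets a cookie, then redirects to a third-party host.
    Returns the cookies the session would attach to each request."""
    session.store(ORIGIN, "sid", "s3cr3t-constructed")
    return {"origin": session.cookies_for(ORIGIN),
            "third_party": session.cookies_for(THIRD_PARTY)}

def leaked(session):
    """Names of cookies that reach the redirect target."""
    return sorted(follow_redirect(session)["third_party"])

if __name__ == "__main__":
    print("flat store leaks:", leaked(FlatSession()))
    print("host-scoped store leaks:", leaked(HostScopedSession()))
```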

Exploit

Fix

Information Disclosure


Weakness Enumeration

Related Identifiers

ALT-PU-2025-5823
CVE-2022-24737
GHSA-9W4W-CPC8-H2FQ
MGASA-2023-0196
PYSEC-2022-34

Affected Products

Alt Linux
Debian
Httpie