Debian Security Advisory

DLA-1937-1 httpie -- LTS security update

Date Reported:
30 Sep 2019
Affected Packages:
Security database references:
In the Debian bugtracking system: Bug 940058.
In Mitre's CVE dictionary: CVE-2019-10751.
More information:

An open redirect, that allows an attacker to write an arbitrary file with supplied filename and content to the current directory, by redirecting a request from HTTP to a crafted URL pointing to a server in his or hers control, was found and reported in CVE-2019-10751. This was patched upstream and so when `--download` without `--output` results in a redirect, now only the initial URL is considered, not the final one.

For Debian 8 Jessie, this problem has been fixed in version 0.8.0-1+deb8u1.

We recommend that you upgrade your httpie packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: