Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 701832 (CVE-2019-10751) - <net-misc/httpie-1.0.3: url redirection vulnerability allows attacker to write arbitrary file (CVE-2019-10751)
Summary: <net-misc/httpie-1.0.3: url redirection vulnerability allows attacker to writ...
Alias: CVE-2019-10751
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
Whiteboard: B4 [noglsa cve]
Depends on:
Reported: 2019-12-02 22:58 UTC by GLSAMaker/CVETool Bot
Modified: 2020-03-25 20:05 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---
stable-bot: sanity-check+


Note You need to log in before you can comment on or make changes to this bug.
Description GLSAMaker/CVETool Bot gentoo-dev 2019-12-02 22:58:01 UTC
CVE-2019-10751 (
  All versions of the HTTPie package prior to version 1.0.3 are vulnerable to
  Open Redirect that allows an attacker to write an arbitrary file with
  supplied filename and content to the current directory, by redirecting a
  request from HTTP to a crafted URL pointing to a server in his or hers
Comment 1 Agostino Sarubbo gentoo-dev 2019-12-03 10:03:53 UTC
amd64 stable
Comment 2 Agostino Sarubbo gentoo-dev 2019-12-03 10:06:59 UTC
x86 stable.

Maintainer(s), please cleanup.
Security, please vote.
Comment 3 Ralph Seichter 2019-12-03 14:10:35 UTC
> Maintainer(s), please cleanup.
Cleanup will be done once the attached pull request is merged by either proxy-maint or the security team.
Comment 4 Larry the Git Cow gentoo-dev 2019-12-03 14:17:28 UTC
The bug has been closed via the following commit(s):

commit 4a609fc4607b39c0b6634724e30abf7a59e57cff
Author:     Ralph Seichter <>
AuthorDate: 2019-12-02 23:20:43 +0000
Commit:     Joonas Niilola <>
CommitDate: 2019-12-03 14:17:18 +0000

    net-misc/httpie: Remove vulnerable ebuild
    Package-Manager: Portage-2.3.79, Repoman-2.3.16
    Signed-off-by: Ralph Seichter <>
    Signed-off-by: Joonas Niilola <>

 net-misc/httpie/Manifest               |  1 -
 net-misc/httpie/httpie-1.0.2-r1.ebuild | 43 ----------------------------------
 2 files changed, 44 deletions(-)
Comment 5 Joonas Niilola gentoo-dev 2019-12-03 14:18:59 UTC
Comment 6 Thomas Deutschmann (RETIRED) gentoo-dev 2020-03-25 20:05:17 UTC
GLSA Vote: No

Repository is clean, all done!