Vulnerability Database

300,445

Total vulnerabilities in the database

CVE-2023-48052

Missing SSL certificate validation in HTTPie v3.2.2 allows attackers to eavesdrop on communications between the host and server via a man-in-the-middle attack.

Published: Nov 16, 2023
Updated: May 9, 2024
CVE: CVE-2023-48052
GHSA: GHSA-8r96-8889-qg2x
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.4
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

CWEs:

CWE-295

OWASP TOP 10:

A3 - Sensitive Data Exposure

Affected Software
References

Software	From	Fixed in
httpie	-	3.2.2.x
httpie / httpie	3.2.2	3.2.2.x

https://github.com/httpie/cli/blob/master/httpie/client.py#L33
https://github.com/httpie/cli/blob/master/httpie/internal/update_warnings.py#L44
https://github.com/pypa/advisory-database/tree/main/vulns/httpie/PYSEC-2023-242.yaml
https://gxx777.github.io/HTTPie_3.2.2_Cryptographic_API_Misuse_Vulnerability.md

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo