First published: Thu Nov 16 2023(Updated: )
Missing SSL certificate validation in HTTPie v3.2.2 allows attackers to eavesdrop on communications between the host and server via a man-in-the-middle attack.
Credit: firstname.lastname@example.org email@example.com
|Affected Software||Affected Version||How to fix|
CVE-2023-48052 is a vulnerability in HTTPie v3.2.2 that allows attackers to eavesdrop on communications between the host and server via a man-in-the-middle attack due to missing SSL certificate validation.
CVE-2023-48052 affects HTTPie v3.2.2.
Attackers can exploit CVE-2023-48052 by performing a man-in-the-middle attack to eavesdrop on communications between the host and server.
Yes, you can find references for CVE-2023-48052 at the following links: [link1](https://gxx777.github.io/HTTPie_3.2.2_Cryptographic_API_Misuse_Vulnerability.md), [link2](https://nvd.nist.gov/vuln/detail/CVE-2023-48052), [link3](https://github.com/httpie/cli/blob/master/httpie/client.py#L33)
To fix CVE-2023-48052, update to a version of HTTPie that includes the fix for the missing SSL certificate validation vulnerability.