Lucene search

K
almalinuxAlmaLinuxALSA-2023:4520
HistoryAug 08, 2023 - 12:00 a.m.

Moderate: python-requests security update

2023-08-0800:00:00
errata.almalinux.org
16
python-requests
security update
proxy-authorization header
cve-2023-32681
http requests
developers
cvss score
references
impact

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N

EPSS

0.003

Percentile

68.3%

The python-requests package contains a library designed to make HTTP requests easy for developers.

Security Fix(es):

  • python-requests: Unintended leak of Proxy-Authorization header (CVE-2023-32681)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

OSVersionArchitecturePackageVersionFilename
almalinux8noarchpython3-requests< 2.20.0-3.el8_8python3-requests-2.20.0-3.el8_8.noarch.rpm

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N

EPSS

0.003

Percentile

68.3%