The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network.

References

docs.python-requests.org/en/master/community/updates/#release-and-version-history

lists.opensuse.org/opensuse-security-announce/2019-07/msg00024.html

access.redhat.com/errata/RHSA-2019:2035

bugs.debian.org/910766

github.com/requests/requests/commit/c45d7c49ea75133e52ab22a8e9e13173938e36ff

github.com/requests/requests/issues/4716

github.com/requests/requests/pull/4718

usn.ubuntu.com/3790-1/

usn.ubuntu.com/3790-2/

www.oracle.com/security-alerts/cpujul2022.html

osv 6

redhatcve 1

nessus 63

openvas 22

fedora 3

amazon 2

almalinux 2

prion 1

freebsd 1

kitploit 1

mageia 1

ubuntucve 1

centos 3

f5 1

redhat 9

ubuntu 2

suse 1

github 1

debiancve 1

cve 1

huntr 2

veracode 1

nvd 1

oraclelinux 7

rocky 2

photon 6

ibm 3

rosalinux 1

oracle 2

osv

CVE-2018-18074

2018-10-09 17:29:01

Insufficiently Protected Credentials in Requests

2018-10-29 19:06:46

PYSEC-2018-28

2018-10-09 17:29:00

redhatcve

CVE-2018-18074

2020-04-03 01:55:49

nessus

EulerOS 2.0 SP5 : python-requests (EulerOS-SA-2019-1886)

2019-09-16 00:00:00

FreeBSD : www/py-requests -- Information disclosure vulnerability (50ad9a9a-1e28-11e9-98d7-0050562a4d7b)

2019-01-23 00:00:00

RHEL 7 : python-requests (RHSA-2019:2035)

2019-08-12 00:00:00

openvas

Ubuntu: Security Advisory (USN-3790-1)

2018-10-26 00:00:00

SUSE: Security Advisory (SUSE-SU-2022:1448-1)

2022-04-28 00:00:00

Huawei EulerOS: Security Advisory for python-requests (EulerOS-SA-2020-2201)

2020-10-21 00:00:00

fedora

[SECURITY] Fedora 27 Update: python-requests-2.20.0-1.fc27

2018-11-14 02:56:22

[SECURITY] Fedora 29 Update: python-requests-2.20.0-1.fc29

2018-11-06 22:11:30

[SECURITY] Fedora 28 Update: python-requests-2.20.0-1.fc28

2018-11-07 02:05:47

amazon

Low: python-requests

2019-10-21 18:01:00

Medium: python-virtualenv

2020-04-20 20:48:00

almalinux

python-requests bug fix update

2019-11-05 20:50:57

Moderate: python27:2.7 security, bug fix, and enhancement update

2020-04-28 08:55:59

prion

Authorization

2018-10-09 17:29:00

freebsd

www/py-requests -- Information disclosure vulnerability

2018-06-27 00:00:00

kitploit

Packj - Large-Scale Security Analysis Platform To Detect Malicious/Risky Open-Source Packages

2022-08-10 12:30:00

mageia

Updated python-requests packages fix security vulnerability

2018-12-03 01:15:20

ubuntucve

CVE-2018-18074

2018-10-09 00:00:00

centos

python security update

2019-08-30 04:03:34

python security update

2020-03-25 19:10:05

python3 security update

2020-03-18 19:33:57

K000133652 : Python vulnerability CVE-2018-18074

2023-04-27 00:00:00

redhat

(RHSA-2019:2035) Low: python-requests security update

2019-08-06 07:53:23

(RHSA-2020:0851) Moderate: python-virtualenv security update

2020-03-17 13:10:32

(RHSA-2020:2081) Moderate: python-virtualenv security update

2020-05-12 14:03:20

ubuntu

Requests vulnerability

2018-10-22 00:00:00

Requests vulnerability

2018-10-15 00:00:00

suse

Security update for python-requests (moderate)

2019-07-20 00:00:00

github

Insufficiently Protected Credentials in Requests

2018-10-29 19:06:46

debiancve

CVE-2018-18074

2018-10-09 17:29:01

cve

CVE-2018-18074

2018-10-09 17:29:01

huntr

Exposure of Sensitive Information to an Unauthorized Actor in node-fetch/node-fetch

2022-02-12 17:07:46

Exposure of Sensitive Information to an Unauthorized Actor in follow-redirects/follow-redirects

2022-02-08 02:23:55

veracode

Information Disclosure

2018-10-10 02:26:19

nvd

CVE-2018-18074

2018-10-09 17:29:01

oraclelinux

python-requests security update

2019-08-13 00:00:00

python-virtualenv security update

2020-03-18 00:00:00

python-virtualenv security update

2020-05-19 00:00:00

rocky

python-requests bug fix update

2019-11-05 20:50:57

python27:2.7 security, bug fix, and enhancement update

2020-04-28 08:55:59

photon

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2019-1.0-0221

2019-04-01 00:00:00

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2019-2.0-0147

2019-04-01 00:00:00

Critical Photon OS Security Update - PHSA-2019-0147

2019-04-01 00:00:00

ibm

Security Bulletin: IBM QRadar Assistant App for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

2024-04-29 16:48:58

Security Bulletin: IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

2021-01-27 00:05:29

Security Bulletin: Cloud Pak for Security uses packages that are vulnerable to multiple CVEs

2023-03-08 18:05:21

rosalinux

Advisory ROSA-SA-2021-1957

2021-07-02 18:03:40

oracle

Oracle Critical Patch Update Advisory - July 2022

2022-07-19 00:00:00

Oracle Critical Patch Update Advisory - April 2023

2023-04-18 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

7.8 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

76.3%

JSON

Related for CVELIST:CVE-2018-18074