Lucene search

GitHub Advisory DatabaseGHSA-PG2W-X9WP-VW92

HistoryMay 13, 2022 - 1:11 a.m.

Python Requests Session Fixation

2022-05-1301:11:23

GitHub Advisory Database

github.com

5.5 Medium

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.016 Low

EPSS

Percentile

87.3%

JSON

The resolve_redirects function in sessions.py in requests 2.1.0 through 2.5.3 allows remote attackers to conduct session fixation attacks via a cookie without a host value in a redirect.

CPENameOperatorVersion
requestslt2.6.0

CPE	Name	Operator	Version
	requests	lt	2.6.0

References

advisories.mageia.org/MGASA-2015-0120.html

lists.fedoraproject.org/pipermail/package-announce/2015-March/153594.html

www.mandriva.com/security/advisories?name=MDVSA-2015:133

www.openwall.com/lists/oss-security/2015/03/14/4

www.openwall.com/lists/oss-security/2015/03/15/1

www.ubuntu.com/usn/USN-2531-1

github.com/advisories/GHSA-pg2w-x9wp-vw92

github.com/psf/requests/commit/3bd8afbff29e50b38f889b2f688785a669b9aafc

nvd.nist.gov/vuln/detail/CVE-2015-2296

warehouse.python.org/project/requests/2.6.0/

5.5 Medium

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.016 Low

EPSS

Percentile

87.3%

JSON

Related for GHSA-PG2W-X9WP-VW92