Exposure of Sensitive Information to an Unauthorized Actor in Requests

2022-05-1703:49:35

Google

osv.dev

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.003 Low

EPSS

Percentile

68.2%

JSON

Requests (aka python-requests) before 2.3.0 allows remote servers to obtain a netrc password by reading the Authorization header in a redirected request.

CPENameOperatorVersion
requestseq1.2.0
requestseq0.8.2
requestseq0.14.2
requestseq1.0.1
requestseq0.13.7
requestseq0.8.3
requestseq0.14.1
requestseq0.2.4
requestseq0.13.3
requestseq0.13.5

Name	Operator	Version
requests	eq	1.2.0
requests	eq	0.8.2
requests	eq	0.14.2
requests	eq	1.0.1
requests	eq	0.13.7
requests	eq	0.8.3
requests	eq	0.14.1
requests	eq	0.2.4
requests	eq	0.13.3
requests	eq	0.13.5