Huawei EulerOS: Security Advisory for python-requests (EulerOS-SA-2023-2597)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for python-pip (EulerOS-SA-2023-2596)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Oracle Linux 9 : python-requests (ELSA-2023-4350)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-4350 advisory. 2.25.1-7 - Security fix for CVE-2023-32681 Resolves: rhbz2209469 Tenable has extracted the preceding description block directly from the Oracle Linux security...

Amazon Linux 2 : python-requests (ALAS-2023-2110)

The version of python-requests installed on the remote host is prior to 2.6.0-10. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-2110 advisory. A flaw was found in the Python-requests package, where it is vulnerable to potentially leaking Proxy- Authorization header...

Amazon Linux 2 : python3-requests (ALAS-2023-2111)

The version of python3-requests installed on the remote host is prior to 2.14.2-2. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-2111 advisory. A flaw was found in the Python-requests package, where it is vulnerable to potentially leaking Proxy- Authorization heade...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python-requests (SUSE-SU-2023:2866-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:2866-1 advisory. - Requests is a HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers...

CBL Mariner 2.0 Security Update: python-requests (CVE-2023-32681)

The version of python-requests installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-32681 advisory. - Requests is a HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization...

Debian: Security Advisory (DLA-3456-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-6155-2: Requests vulnerability

USN-6155-1 fixed a vulnerability in Requests. This update provides the corresponding update for Ubuntu 16.04 ESM and 18.04 ESM. Original advisory details: Dennis Brinkrolf and Tobias Funke discovered that Requests incorrectly leaked Proxy-Authorization headers. A remote attacker could possibly us...

Fedora 38 : mingw-python-requests (2023-f3824383be)

The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-f3824383be advisory. Update to requests-2.31.0. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested...

CVE-2023-32681

Requests is a HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. This is a product of how we use rebuildproxies to reattach the Proxy-Authorization header to requests. For HTTP connections sent...

Design/Logic Flaw

Requests is a HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. This is a product of how we use rebuildproxies to reattach the Proxy-Authorization header to requests. For HTTP connections sent...

CVE-2023-32681

Requests is a HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. This is a product of how we use rebuildproxies to reattach the Proxy-Authorization header to requests. For HTTP connections sent...

PYSEC-2023-74

Requests is a HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. This is a product of how we use rebuildproxies to reattach the Proxy-Authorization header to requests. For HTTP connections sent...

CVE-2023-32681

Requests is a HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. This is a product of how we use rebuildproxies to reattach the Proxy-Authorization header to requests. For HTTP connections sent...

CVE-2023-32681 Unintended leak of Proxy-Authorization header in requests

Requests is a HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. This is a product of how we use rebuildproxies to reattach the Proxy-Authorization header to requests. For HTTP connections sent...

CVE-2023-32681

CVE-2023-32681 affects the Python-requests project: a Proxy-Authorization header can be leaked to destination servers when redirects head to HTTPS due to how rebuild_proxies reattaches credentials. The issue arises in requests before the fix and is mitigated by upgrading to version 2.31.0 or late...

CVE-2023-32681 Unintended leak of Proxy-Authorization header in requests

Requests is a HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. This is a product of how we use rebuildproxies to reattach the Proxy-Authorization header to requests. For HTTP connections sent...

Fedora 38 : python-requests (2023-521ebb9cbb)

The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-521ebb9cbb advisory. - Security fix for CVE-2023-32681 - https://github.com/psf/requests/security/advisories/GHSA-j8r2-6x86-q33q Tenable has extracted the preceding description...

CRLF Injection

Overview Affected versions of this package are vulnerable to CRLF Injection when untrusted user input is used to set the content-type header in the HTTP .Patch, .Post, .Put and .Delete requests. This can lead to logical errors and other misbehaviors. Note: This issue is present due to an incomple...