13 matches found
python311-treq-24.9.1-1.4 on GA media (moderate)
python311-treq-24.9.1-1.4 on GA media Announcement ID: openSUSE-SU-2025:15106-1 Rating: moderate Cross-References: CVE-2022-23607 Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can now be installed. Description: These are all security issues fixed in the...
Linux Distros Unpatched Vulnerability : CVE-2022-23607
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - treq is an HTTP library inspired by requests but written on top of Twisted's Agents. Treq's request methods treq.get, treq.post, etc. and treq.client.HTTPClient...
FreeBSD : py-treq -- sensitive information leak vulnerability (181f5e49-b71d-4527-9464-d4624d69acc3)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 181f5e49-b71d-4527-9464-d4624d69acc3 advisory. - treq is an HTTP library inspired by requests but written on top of Twisted's Agents. Treq's request...
OPENSUSE-SU-2022:10098-1 Security update for python-treq
This update for python-treq fixes the following issues: - Fixed CVE-2022-23607 boo1195432 binding cookies to the domain...
Security update for python-treq (moderate)
openSUSE Security Update: Security update for python-treq Announcement ID: openSUSE-SU-2022:10098-1 Rating: moderate References: 1195432 Cross-References: CVE-2022-23607 CVSS scores: CVE-2022-23607 NVD : 7.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N Affected Products: openSUSE Backports...
Debian: Security Advisory (DLA-2954-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian DLA-2954-1 : python-treq - LTS security update
The remote Debian 9 host has packages installed that are affected by a vulnerability as referenced in the dla-2954 advisory. - treq is an HTTP library inspired by requests but written on top of Twisted's Agents. Treq's request methods treq.get, treq.post, etc. and treq.client.HTTPClient construct...
buildbot-fossil (=0.3.0), epcpm (>=2019.2.3 <=2021.7.0) +4 more potentially affected by CVE-2022-23607 via treq (>=21.1.0 <=21.5.0)
treq PYPI version =21.1.0, =2019.2.3, =0.0.0, =0.8.0, =0.8.0, =1.0.2, =1.1.2 Source cves: CVE-2022-23607 Source advisory: OSV:PYSEC-2022-26...
CVE-2022-23607
The CVE concerns treq, an HTTP library for Twisted, where cookies passed to requests (e.g., treq.get/post, HTTPClient) were not bound to a single domain, enabling supercookies that could leak data on redirects. Affected behavior is that cookies are sent to every domain; impact is sensitive inform...
CVE-2022-23607 Unsafe handling of user-specified cookies in treq
treq is an HTTP library inspired by requests but written on top of Twisted's Agents. Treq's request methods treq.get, treq.post, etc. and treq.client.HTTPClient constructor accept cookies as a dictionary. Such cookies are not bound to a single domain, and are therefore sent to every domain...
CVE-2022-23607 Unsafe handling of user-specified cookies in treq
treq is an HTTP library inspired by requests but written on top of Twisted's Agents. Treq's request methods treq.get, treq.post, etc. and treq.client.HTTPClient constructor accept cookies as a dictionary. Such cookies are not bound to a single domain, and are therefore sent to every domain...
CVE-2022-23607
treq is an HTTP library inspired by requests but written on top of Twisted's Agents. Treq's request methods treq.get, treq.post, etc. and treq.client.HTTPClient constructor accept cookies as a dictionary. Such cookies are not bound to a single domain, and are therefore sent to every domain...
buildbot-fossil (>=0.1.0 <=0.3.0), crossbar (=17.3.1) +8 more potentially affected by CVE-2022-23607 via treq (>=17.3.1 <=21.5.0)
treq PYPI version =17.3.1, =0.1.0, =2019.2.3, =0.0.0, =0.8.0, =0.8.0, =1.0.2, =0.100.2, =0.1.0, =0.1.2 Source cves: CVE-2022-23607 Source advisory: OSV:GHSA-FHPF-PP6P-55QC...