Lucene search
K

13 matches found

OPENSUSE Linux
OPENSUSE Linux
added 2025/05/18 12:0 a.m.6 views

python311-treq-24.9.1-1.4 on GA media (moderate)

python311-treq-24.9.1-1.4 on GA media Announcement ID: openSUSE-SU-2025:15106-1 Rating: moderate Cross-References: CVE-2022-23607 Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can now be installed. Description: These are all security issues fixed in the...

6.5CVSS7.3AI score0.01083EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2022-23607

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - treq is an HTTP library inspired by requests but written on top of Twisted's Agents. Treq's request methods treq.get, treq.post, etc. and treq.client.HTTPClient...

6.5CVSS6.6AI score0.01083EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2023/08/31 12:0 a.m.25 views

FreeBSD : py-treq -- sensitive information leak vulnerability (181f5e49-b71d-4527-9464-d4624d69acc3)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 181f5e49-b71d-4527-9464-d4624d69acc3 advisory. - treq is an HTTP library inspired by requests but written on top of Twisted's Agents. Treq's request...

6.5CVSS6.5AI score0.01083EPSS
Exploits0References3
OSV
OSV
added 2022/08/24 4:1 a.m.7 views

OPENSUSE-SU-2022:10098-1 Security update for python-treq

This update for python-treq fixes the following issues: - Fixed CVE-2022-23607 boo1195432 binding cookies to the domain...

6.5CVSS6.4AI score0.01083EPSS
Exploits0References3
OPENSUSE Linux
OPENSUSE Linux
added 2022/08/24 12:0 a.m.56 views

Security update for python-treq (moderate)

openSUSE Security Update: Security update for python-treq Announcement ID: openSUSE-SU-2022:10098-1 Rating: moderate References: 1195432 Cross-References: CVE-2022-23607 CVSS scores: CVE-2022-23607 NVD : 7.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N Affected Products: openSUSE Backports...

6.5CVSS6.4AI score0.01083EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2022/03/19 12:0 a.m.18 views

Debian: Security Advisory (DLA-2954-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.5CVSS6.7AI score0.01083EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2022/03/18 12:0 a.m.22 views

Debian DLA-2954-1 : python-treq - LTS security update

The remote Debian 9 host has packages installed that are affected by a vulnerability as referenced in the dla-2954 advisory. - treq is an HTTP library inspired by requests but written on top of Twisted's Agents. Treq's request methods treq.get, treq.post, etc. and treq.client.HTTPClient construct...

6.5CVSS6.5AI score0.01083EPSS
Exploits0References4
vulnersOsv
vulnersOsv
added 2022/02/01 11:15 a.m.4 views

buildbot-fossil (=0.3.0), epcpm (>=2019.2.3 <=2021.7.0) +4 more potentially affected by CVE-2022-23607 via treq (>=21.1.0 <=21.5.0)

treq PYPI version =21.1.0, =2019.2.3, =0.0.0, =0.8.0, =0.8.0, =1.0.2, =1.1.2 Source cves: CVE-2022-23607 Source advisory: OSV:PYSEC-2022-26...

6.5CVSS6.5AI score0.01083EPSS
Exploits0
CVE
CVE
added 2022/02/01 11:1 a.m.149 views

CVE-2022-23607

The CVE concerns treq, an HTTP library for Twisted, where cookies passed to requests (e.g., treq.get/post, HTTPClient) were not bound to a single domain, enabling supercookies that could leak data on redirects. Affected behavior is that cookies are sent to every domain; impact is sensitive inform...

6.5CVSS6.3AI score0.01083EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2022/02/01 11:1 a.m.22 views

CVE-2022-23607 Unsafe handling of user-specified cookies in treq

treq is an HTTP library inspired by requests but written on top of Twisted's Agents. Treq's request methods treq.get, treq.post, etc. and treq.client.HTTPClient constructor accept cookies as a dictionary. Such cookies are not bound to a single domain, and are therefore sent to every domain...

6.5CVSS6.2AI score0.01083EPSS
Exploits0References4
Cvelist
Cvelist
added 2022/02/01 11:1 a.m.38 views

CVE-2022-23607 Unsafe handling of user-specified cookies in treq

treq is an HTTP library inspired by requests but written on top of Twisted's Agents. Treq's request methods treq.get, treq.post, etc. and treq.client.HTTPClient constructor accept cookies as a dictionary. Such cookies are not bound to a single domain, and are therefore sent to every domain...

6.5CVSS6.5AI score0.01083EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2022/02/01 11:1 a.m.34 views

CVE-2022-23607

treq is an HTTP library inspired by requests but written on top of Twisted's Agents. Treq's request methods treq.get, treq.post, etc. and treq.client.HTTPClient constructor accept cookies as a dictionary. Such cookies are not bound to a single domain, and are therefore sent to every domain...

6.5CVSS6.2AI score0.01083EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2022/02/01 12:43 a.m.4 views

buildbot-fossil (>=0.1.0 <=0.3.0), crossbar (=17.3.1) +8 more potentially affected by CVE-2022-23607 via treq (>=17.3.1 <=21.5.0)

treq PYPI version =17.3.1, =0.1.0, =2019.2.3, =0.0.0, =0.8.0, =0.8.0, =1.0.2, =0.100.2, =0.1.0, =0.1.2 Source cves: CVE-2022-23607 Source advisory: OSV:GHSA-FHPF-PP6P-55QC...

6.5CVSS6.5AI score0.01083EPSS
Exploits0
Rows per page
Query Builder