18 matches found
EUVD-2022-0341
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2022-23607
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - treq is an HTTP library inspired by requests but written on top of Twisted's Agents. Treq's request methods treq.get, treq.post, etc. and treq.client.HTTPClient...
FreeBSD : py-treq -- sensitive information leak vulnerability (181f5e49-b71d-4527-9464-d4624d69acc3)
The version of FreeBSD installed on the remote host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the 181f5e49-b71d-4527-9464-d4624d69acc3 advisory. - treq is an HTTP library inspired by requests but written on top of Twisted's Agents. Treq's request...
‘Supercookies’ Have Privacy Experts Sounding the Alarm
A German ad-tech trial features what Vodafone calls “digital tokens.” Should you be worried?...
Debian DLA-2954-1 : python-treq - LTS security update
The remote Debian 9 host has packages installed that are affected by a vulnerability as referenced in the dla-2954 advisory. - treq is an HTTP library inspired by requests but written on top of Twisted's Agents. Treq's request methods treq.get, treq.post, etc. and treq.client.HTTPClient construct...
GHSA-6PC9-XQRG-WFQW Exposure of Sensitive information in httpie
httpie is a modern, user-friendly command-line HTTP client for the API era. Prior to version 3.1.0, all cookies saved to session storage are supercookies. At this time, there is no known workaround. Users are recommended to update to version 3.1.0...
Exposure of Sensitive information in httpie
httpie is a modern, user-friendly command-line HTTP client for the API era. Prior to version 3.1.0, all cookies saved to session storage are supercookies. At this time, there is no known workaround. Users are recommended to update to version 3.1.0...
CVE-2022-23607
treq is an HTTP library inspired by requests but written on top of Twisted's Agents. Treq's request methods treq.get, treq.post, etc. and treq.client.HTTPClient constructor accept cookies as a dictionary. Such cookies are not bound to a single domain, and are therefore sent to every domain...
Design/Logic Flaw
treq is an HTTP library inspired by requests but written on top of Twisted's Agents. Treq's request methods treq.get, treq.post, etc. and treq.client.HTTPClient constructor accept cookies as a dictionary. Such cookies are not bound to a single domain, and are therefore sent to every domain...
CVE-2022-23607
treq is an HTTP library inspired by requests but written on top of Twisted's Agents. Treq's request methods treq.get, treq.post, etc. and treq.client.HTTPClient constructor accept cookies as a dictionary. Such cookies are not bound to a single domain, and are therefore sent to every domain...
CVE-2022-23607
The CVE concerns treq, an HTTP library for Twisted, where cookies passed to requests (e.g., treq.get/post, HTTPClient) were not bound to a single domain, enabling supercookies that could leak data on redirects. Affected behavior is that cookies are sent to every domain; impact is sensitive inform...
py-treq -- sensitive information leak vulnerability
Treq's request methods treq.get, treq.post, HTTPClient.request, HTTPClient.get, etc. accept cookies as a dictionary. Such cookies are not bound to a single domain, and are therefore sent to every domain ("supercookies"). This can potentially cause sensitive information to leak upon an HTTP redirect...
Security update for MozillaFirefox (important)
openSUSE Security Update: Security update for MozillaFirefox Announcement ID: openSUSE-SU-2021:1367-1 Rating: important References: 1188891 1189547 1190269 1190274 1190710 1191332 Cross-References: CVE-2021-29980 CVE-2021-29981 CVE-2021-29982 CVE-2021-29983 CVE-2021-29984 CVE-2021-29985...
Security update for MozillaFirefox (important)
openSUSE Security Update: Security update for MozillaFirefox Announcement ID: openSUSE-SU-2021:3451-1 Rating: important References: 1188891 1189547 1190269 1190274 1190710 1191332 Cross-References: CVE-2021-29980 CVE-2021-29981 CVE-2021-29982 CVE-2021-29983 CVE-2021-29984 CVE-2021-29985...
Security update for MozillaFirefox (important)
openSUSE Security Update: Security update for MozillaFirefox Announcement ID: openSUSE-SU-2021:3331-1 Rating: important References: 1188891 1189547 1190269 1190274 1190710 1191332 Cross-References: CVE-2021-29980 CVE-2021-29981 CVE-2021-29982 CVE-2021-29983 CVE-2021-29984 CVE-2021-29985...
AT&T Drops Controversial Tracking Header
When information came out earlier this month that some mobile carriers were injecting unique identifying “supercookies” into their users’ Web traffic, privacy groups and users were angered. The practice, used by Verizon and AT&T, enables advertisers to track users’ behavior and assemble informati...
History Sniffing Case Dismissed Because Defendant Fails to Quantify Losses
A federal court in New York has dismissed a case in which the plaintiff claimed that a third-party advertiser had violated the Computer Fraud and Abuse Act (CFAA) by sniffing her browser history and using flash cookies, ruling that the plaintiff didn’t prove that the actions were harmful enough...
Microsoft Drops Use of 'Supercookies' on MSN
In response to work by Stanford University researchers who found that Microsoft and several other high-profile companies were using a controversial technique to keep persistent cookies on users’ PCs to track their movements, Microsoft says it has discontinued the practice of using so-called...