2 matches found
SUSE CVE-2022-23607
treq is an HTTP library inspired by requests but written on top of Twisted's Agents. Treq's request methods treq.get, treq.post, etc. and treq.client.HTTPClient constructor accept cookies as a dictionary. Such cookies are not bound to a single domain, and are therefore sent to every domain...
buildbot-fossil (>=0.1.0 <=0.3.0), crossbar (=17.3.1) +8 more potentially affected by CVE-2022-23607 via treq (>=17.3.1 <=21.5.0)
treq PYPI version =17.3.1, =0.1.0, =2019.2.3, =0.0.0, =0.8.0, =0.8.0, =1.0.2, =0.100.2, =0.1.0, =0.1.2 Source cves: CVE-2022-23607 Source advisory: OSV:GHSA-FHPF-PP6P-55QC...