Lucene search
PythonRequests

6 matches found

CVE
added 2018/10/09 3:0 p.m. | 1575 views

CVE-2018-18074

CVE-2018-18074 affects the Python requests library prior to 2.20.0. When handling a same-hostname HTTPS-to-HTTP redirect, the library sends the HTTP Authorization header to the HTTP URI, enabling credential exposure via network sniffing. Mitigation: upgrade to a version that includes the fix (Req...

7.5 CVSS | 6.7 AI score | 0.07443 EPSS
CVE
added 2023/05/26 5:2 p.m. | 1293 views

CVE-2023-32681

CVE-2023-32681 affects the Python-requests project: a Proxy-Authorization header can be leaked to destination servers when redirects head to HTTPS due to how rebuild_proxies reattaches credentials. The issue arises in requests before the fix and is mitigated by upgrading to version 2.31.0 or late...

6.1 CVSS | 6.8 AI score | 0.02782 EPSS
CVE
added 2026/03/25 5:2 p.m. | 401 views

CVE-2026-25645

The CVE describes an insecure temp-file extraction in the Requests library prior to v2.33.0. The vulnerable function requests.utils.extract_zipped_paths() writes the CA bundle into /tmp using a predictable, non-unique filename (e.g., cacert.pem) and reuses an existing file if present, rather than...

5.5 CVSS | 5.8 AI score | 0.00157 EPSS
CVE
added 2015/03/18 4:0 p.m. | 174 views

CVE-2015-2296

CVE-2015-2296 affects the Python requests project: the resolve_redirects implementation in sessions.py in versions 2.1.0 through 2.5.3 allows a remote attacker to perform session fixation via a redirect that carries a cookie without a host value. The connected data confirms the vulnerability in r...

6.8 CVSS | 5.7 AI score | 0.03432 EPSS
CVE
added 2014/10/15 2:0 p.m. | 115 views

CVE-2014-1830

CVE-2014-1830 affects python-requests (Requests). The issue arises when a redirect occurs: the Proxy-Authorization header is not re-evaluated for the new request, allowing a remote server to leak sensitive information. Public advisories (e.g., openSUSE-2016-98) note this CVE and indicate a securi...

5 CVSS | 5.8 AI score | 0.02036 EPSS
CVE
added 2014/10/15 2:0 p.m. | 89 views

CVE-2014-1829

The CVE-2014-1829 entry describes a vulnerability in Requests (python-requests) prior to version 2.3.0, where a redirected request could reveal a netrc password by reading the Authorization header. The core issue is exposure of credentials through netrc data via headers during redirects. Affected...

5 CVSS | 6.4 AI score | 0.022 EPSS