Requests Security Vulnerabilities and Issues — Requests CVE List

Lucene search

PythonRequests

5 matches found

CVE•added 2018/10/09 5:29 p.m.•1515 views

CVE-2018-18074

The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network.

7.5CVSS6.7AI score0.00219EPSS

CVE•added 2023/05/26 6:15 p.m.•941 views

CVE-2023-32681

Requests is a HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. This is a product of how we use rebuild_proxies to reattach the Proxy-Authorization header to requests. For HTTP connections sent thro...

6.1CVSS6.8AI score0.06121EPSS

CVE•added 2015/03/18 4:59 p.m.•148 views

CVE-2015-2296

The resolve_redirects function in sessions.py in requests 2.1.0 through 2.5.3 allows remote attackers to conduct session fixation attacks via a cookie without a host value in a redirect.

6.8CVSS5.7AI score0.01915EPSS

CVE•added 2014/10/15 2:55 p.m.•101 views

CVE-2014-1830

Requests (aka python-requests) before 2.3.0 allows remote servers to obtain sensitive information by reading the Proxy-Authorization header in a redirected request.

5CVSS5.8AI score0.00575EPSS

CVE•added 2014/10/15 2:55 p.m.•74 views

CVE-2014-1829

Requests (aka python-requests) before 2.3.0 allows remote servers to obtain a netrc password by reading the Authorization header in a redirected request.

5CVSS6.4AI score0.00613EPSS