Requests@* Security Vulnerabilities and Issues — Requests@* CVE List

Lucene search

PythonRequests*

4 matches found

CVE•added 2018/10/09 5:29 p.m.•1515 views

CVE-2018-18074

The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network.

7.5CVSS6.7AI score0.00219EPSS

CVE•added 2023/05/26 6:15 p.m.•941 views

CVE-2023-32681

Requests is a HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. This is a product of how we use rebuild_proxies to reattach the Proxy-Authorization header to requests. For HTTP connections sent thro...

6.1CVSS6.8AI score0.06121EPSS

CVE•added 2014/10/15 2:55 p.m.•101 views

CVE-2014-1830

Requests (aka python-requests) before 2.3.0 allows remote servers to obtain sensitive information by reading the Proxy-Authorization header in a redirected request.

5CVSS5.8AI score0.00575EPSS

CVE•added 2014/10/15 2:55 p.m.•74 views

CVE-2014-1829

Requests (aka python-requests) before 2.3.0 allows remote servers to obtain a netrc password by reading the Authorization header in a redirected request.

5CVSS6.4AI score0.00613EPSS