3 matches found
CVE-2026-25645
The CVE describes an insecure temp-file extraction in the Requests library prior to v2.33.0. The vulnerable function requests.utils.extract_zipped_paths() writes the CA bundle into /tmp using a predictable, non-unique filename (e.g., cacert.pem) and reuses an existing file if present, rather than...
CVE-2014-1830
CVE-2014-1830 affects python-requests (Requests). The issue arises when a redirect occurs: the Proxy-Authorization header is not re-evaluated for the new request, allowing a remote server to leak sensitive information. Public advisories (e.g., openSUSE-2016-98) note this CVE and indicate a securi...
CVE-2014-1829
The CVE-2014-1829 entry describes a vulnerability in Requests (python-requests) prior to version 2.3.0, where a redirected request could reveal a netrc password by reading the Authorization header. The core issue is exposure of credentials through netrc data via headers during redirects. Affected...