2 matches found
CVE-2023-32681
CVE-2023-32681 affects the Python-requests project: a Proxy-Authorization header can be leaked to destination servers when redirects head to HTTPS due to how rebuild_proxies reattaches credentials. The issue arises in requests before the fix and is mitigated by upgrading to version 2.31.0 or late...
CVE-2015-2296
CVE-2015-2296 affects the Python requests project: the resolve_redirects implementation in sessions.py in versions 2.1.0 through 2.5.3 allows a remote attacker to perform session fixation via a redirect that carries a cookie without a host value. The connected data confirms the vulnerability in r...