CVE-2018-18074
CVE-2018-18074 affects the Python requests library prior to 2.20.0. When handling a same-hostname HTTPS-to-HTTP redirect, the library sends the HTTP Authorization header to the HTTP URI, enabling credential exposure via network sniffing. Mitigation: upgrade to a version that includes the fix (Req...