6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N
0.002 Low
EPSS
Percentile
51.8%
Requests is an HTTP library for human beings.
Requests is vulnerable to potentially leaking Proxy-Authorization headers to destination servers, specifically during redirects to an HTTPS origin with authentication credentials encoded into the URL.
Users’ proxy authentication secrets could be disclosed to parties beyond the used HTTP proxy server.
There is no known workaround at this time.
All Requests users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-python/requests-2.31.0"
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Gentoo | any | all | dev-python/requests | < 2.31.0 | UNKNOWN |