The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network.

CPENameOperatorVersion
requestseq0.10.2
requestseq2.15.1
requestseq0.8.3
requestseq0.4.1
requestseq0.2.0
requestseq0.12.0
requestseq2.2.1
requestseq0.2.2
requestseq2.1.0
requestseq2.16.5

Name	Operator	Version
requests	eq	0.10.2
requests	eq	2.15.1
requests	eq	0.8.3
requests	eq	0.4.1
requests	eq	0.2.0
requests	eq	0.12.0
requests	eq	2.2.1
requests	eq	0.2.2
requests	eq	2.1.0
requests	eq	2.16.5

Rows per page:

1-10 of 1301

References

docs.python-requests.org/en/master/community/updates/#release-and-version-history

lists.opensuse.org/opensuse-security-announce/2019-07/msg00024.html

access.redhat.com/errata/RHSA-2019:2035

bugs.debian.org/910766

github.com/requests/requests/commit/c45d7c49ea75133e52ab22a8e9e13173938e36ff

github.com/requests/requests/issues/4716

github.com/requests/requests/pull/4718

usn.ubuntu.com/3790-1/

usn.ubuntu.com/3790-2/

www.oracle.com/security-alerts/cpujul2022.html

nessus 64

fedora 3

redhatcve 1

openvas 22

amazon 2

cvelist 1

almalinux 2

ubuntucve 1

freebsd 1

f5 1

mageia 1

prion 1

kitploit 1

osv 5

centos 3

redhat 9

cve 1

ubuntu 2

github 1

debiancve 1

suse 1

huntr 2

nvd 1

veracode 1

oraclelinux 7

rocky 2

photon 6

ibm 3

rosalinux 1

oracle 2

nessus

FreeBSD : www/py-requests -- Information disclosure vulnerability (50ad9a9a-1e28-11e9-98d7-0050562a4d7b)

2019-01-23 00:00:00

EulerOS 2.0 SP5 : python-requests (EulerOS-SA-2019-1886)

2019-09-16 00:00:00

Amazon Linux 2 : python-requests (ALAS-2019-1334)

2019-10-25 00:00:00

fedora

[SECURITY] Fedora 27 Update: python-requests-2.20.0-1.fc27

2018-11-14 02:56:22

[SECURITY] Fedora 29 Update: python-requests-2.20.0-1.fc29

2018-11-06 22:11:30

[SECURITY] Fedora 28 Update: python-requests-2.20.0-1.fc28

2018-11-07 02:05:47

redhatcve

CVE-2018-18074

2020-04-03 01:55:49

openvas

Huawei EulerOS: Security Advisory for python-requests (EulerOS-SA-2020-2201)

2020-10-21 00:00:00

SUSE: Security Advisory (SUSE-SU-2022:1448-1)

2022-04-28 00:00:00

Ubuntu: Security Advisory (USN-3790-1)

2018-10-26 00:00:00

amazon

Low: python-requests

2019-10-21 18:01:00

Medium: python-virtualenv

2020-04-20 20:48:00

cvelist

CVE-2018-18074

2018-10-09 15:00:00

almalinux

python-requests bug fix update

2019-11-05 20:50:57

Moderate: python27:2.7 security, bug fix, and enhancement update

2020-04-28 08:55:59

ubuntucve

CVE-2018-18074

2018-10-09 00:00:00

freebsd

www/py-requests -- Information disclosure vulnerability

2018-06-27 00:00:00

K000133652 : Python vulnerability CVE-2018-18074

2023-04-27 00:00:00

mageia

Updated python-requests packages fix security vulnerability

2018-12-03 01:15:20

prion

Authorization

2018-10-09 17:29:00

kitploit

Packj - Large-Scale Security Analysis Platform To Detect Malicious/Risky Open-Source Packages

2022-08-10 12:30:00

osv

Insufficiently Protected Credentials in Requests

2018-10-29 19:06:46

PYSEC-2018-28

2018-10-09 17:29:00

python-requests bug fix update

2019-11-05 20:50:57

centos

python security update

2019-08-30 04:03:34

python security update

2020-03-25 19:10:05

python3 security update

2020-03-18 19:33:57

redhat

(RHSA-2019:2035) Low: python-requests security update

2019-08-06 07:53:23

(RHSA-2020:0851) Moderate: python-virtualenv security update

2020-03-17 13:10:32

(RHSA-2020:2081) Moderate: python-virtualenv security update

2020-05-12 14:03:20

cve

CVE-2018-18074

2018-10-09 17:29:01

ubuntu

Requests vulnerability

2018-10-22 00:00:00

Requests vulnerability

2018-10-15 00:00:00

github

Insufficiently Protected Credentials in Requests

2018-10-29 19:06:46

debiancve

CVE-2018-18074

2018-10-09 17:29:01

suse

Security update for python-requests (moderate)

2019-07-20 00:00:00

huntr

Exposure of Sensitive Information to an Unauthorized Actor in node-fetch/node-fetch

2022-02-12 17:07:46

Exposure of Sensitive Information to an Unauthorized Actor in follow-redirects/follow-redirects

2022-02-08 02:23:55

nvd

CVE-2018-18074

2018-10-09 17:29:01

veracode

Information Disclosure

2018-10-10 02:26:19

oraclelinux

python-requests security update

2019-08-13 00:00:00

python-virtualenv security update

2020-05-19 00:00:00

python-virtualenv security update

2020-03-18 00:00:00

rocky

python-requests bug fix update

2019-11-05 20:50:57

python27:2.7 security, bug fix, and enhancement update

2020-04-28 08:55:59

photon

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2019-1.0-0221

2019-04-01 00:00:00

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2019-2.0-0147

2019-04-01 00:00:00

Critical Photon OS Security Update - PHSA-2019-0147

2019-04-01 00:00:00

ibm

Security Bulletin: IBM QRadar Assistant App for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

2024-04-29 16:48:58

Security Bulletin: IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

2021-01-27 00:05:29

Security Bulletin: Cloud Pak for Security uses packages that are vulnerable to multiple CVEs

2023-03-08 18:05:21

rosalinux

Advisory ROSA-SA-2021-1957

2021-07-02 18:03:40

oracle

Oracle Critical Patch Update Advisory - July 2022

2022-07-19 00:00:00

Oracle Critical Patch Update Advisory - April 2023

2023-04-18 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

7.6 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

76.4%

JSON

Related for OSV:CVE-2018-18074