Lucene search
GoogleOSV:GHSA-CFJ3-7X9C-4P3HHistoryMay 17, 2022 - 3:49 a.m.
Exposure of Sensitive Information to an Unauthorized Actor in Requests
2022-05-1703:49:35
Google
osv.dev
15
sensitive information
python-requests
authorization header
remote servers
EPSS
0.003
Percentile
69.0%
Requests (aka python-requests) before 2.3.0 allows remote servers to obtain a netrc password by reading the Authorization header in a redirected request.
References
advisories.mageia.org/MGASA-2014-0409.html
www.debian.org/security/2015/dsa-3146
www.ubuntu.com/usn/USN-2382-1
bugs.debian.org/cgi-bin/bugreport.cgi?bug=733108
github.com/advisories/GHSA-cfj3-7x9c-4p3h
github.com/psf/requests
github.com/psf/requests/issues/1885
github.com/pypa/advisory-database/tree/main/vulns/requests/PYSEC-2014-13.yaml
nvd.nist.gov/vuln/detail/CVE-2014-1829
web.archive.org/web/20150523055216/www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015:133/?name=MDVSA-2015:133
Related
ubuntucve
ubuntucve
CVE-2014-1829
2014-09-19 00:00:00
nvd
nvd
CVE-2014-1829
2014-10-15 14:55:05
cvelist
cvelist
CVE-2014-1829
2014-10-15 14:00:00
debiancve
debiancve
CVE-2014-1829
2014-10-15 14:55:05
cve
cve
CVE-2014-1829
2014-10-15 14:55:05
osv
osv
PYSEC-2014-13
2014-10-15 14:55:00
requests - security update
2015-01-30 00:00:00
prion
prion
Authorization
2014-10-15 14:55:00
github
github
Exposure of Sensitive Information to an Unauthorized Actor in Requests
2022-05-17 03:49:35
debian
debian
[SECURITY] [DSA 3146-1] requests security update
2015-01-30 15:54:18
[SECURITY] [DSA 3146-1] requests security update
2015-01-30 15:54:18
nessus
nessus
Ubuntu 14.04 LTS : Requests vulnerabilities (USN-2382-1)
2014-10-15 00:00:00
Debian DSA-3146-1 : requests - security update
2015-02-02 00:00:00
Mandriva Linux Security Advisory : python-requests (MDVSA-2015:133)
2015-03-30 00:00:00
securityvulns
securityvulns
[USN-2382-1] Requests vulnerabilities
2014-10-15 00:00:00
Requests library security vulnerabilities
2014-10-15 00:00:00
openvas
openvas
Debian: Security Advisory (DSA-3146-1)
2015-01-29 00:00:00
Debian Security Advisory DSA 3146-1 (requests - security update)
2015-01-30 00:00:00
Ubuntu: Security Advisory (USN-2382-1)
2014-10-15 00:00:00
ubuntu
ubuntu
Requests vulnerabilities
2014-10-14 00:00:00
mageia
mageia
Updated python-requests packages fix security vulnerabilities
2014-10-09 18:39:32