The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network.

References

docs.python-requests.org/en/master/community/updates/#release-and-version-history

lists.opensuse.org/opensuse-security-announce/2019-07/msg00024.html

access.redhat.com/errata/RHSA-2019:2035

bugs.debian.org/910766

github.com/advisories/GHSA-x84v-xcm2-53pg

github.com/requests/requests/commit/c45d7c49ea75133e52ab22a8e9e13173938e36ff

github.com/requests/requests/issues/4716

github.com/requests/requests/pull/4718

usn.ubuntu.com/3790-1/

usn.ubuntu.com/3790-2/

openvas 22

nessus 66

suse 1

github 1

ubuntu 2

cve 1

debiancve 1

redhat 9

prion 1

f5 1

ubuntucve 1

osv 5

freebsd 1

fedora 3

mageia 1

kitploit 1

centos 3

amazon 2

almalinux 2

redhatcve 1

cvelist 1

rocky 2

oraclelinux 7

veracode 1

nvd 1

huntr 2

photon 6

ibm 3

rosalinux 1

oracle 2

openvas

Ubuntu: Security Advisory (USN-3790-2)

2018-10-26 00:00:00

Huawei EulerOS: Security Advisory for python-requests (EulerOS-SA-2019-1886)

2020-01-23 00:00:00

SUSE: Security Advisory (SUSE-SU-2022:1819-1)

2022-05-24 00:00:00

nessus

SUSE SLES12 Security Update : python-aws-sam-translator, python-boto3, python-botocore, python-cfn-lint, python-jsonschema, python-nose2, python-parameterized, python-pathlib2, python-pytest-cov, python-requests, python-s3transfer (SUSE-SU-2020:0555-1)

2020-03-06 00:00:00

Oracle Linux 7 : python-requests (ELSA-2019-2035)

2023-09-07 00:00:00

NewStart CGSL CORE 5.04 / MAIN 5.04 : python-requests Vulnerability (NS-SA-2019-0189)

2019-10-15 00:00:00

suse

Security update for python-requests (moderate)

2019-07-20 00:00:00

github

Insufficiently Protected Credentials in Requests

2018-10-29 19:06:46

ubuntu

Requests vulnerability

2018-10-22 00:00:00

Requests vulnerability

2018-10-15 00:00:00

cve

CVE-2018-18074

2018-10-09 17:29:01

debiancve

CVE-2018-18074

2018-10-09 17:29:01

redhat

(RHSA-2019:2035) Low: python-requests security update

2019-08-06 07:53:23

(RHSA-2020:0851) Moderate: python-virtualenv security update

2020-03-17 13:10:32

(RHSA-2020:2081) Moderate: python-virtualenv security update

2020-05-12 14:03:20

prion

Authorization

2018-10-09 17:29:00

K000133652 : Python vulnerability CVE-2018-18074

2023-04-27 00:00:00

ubuntucve

CVE-2018-18074

2018-10-09 00:00:00

osv

Insufficiently Protected Credentials in Requests

2018-10-29 19:06:46

CVE-2018-18074

2018-10-09 17:29:01

python-requests bug fix update

2019-11-05 20:50:57

freebsd

www/py-requests -- Information disclosure vulnerability

2018-06-27 00:00:00

fedora

[SECURITY] Fedora 29 Update: python-requests-2.20.0-1.fc29

2018-11-06 22:11:30

[SECURITY] Fedora 27 Update: python-requests-2.20.0-1.fc27

2018-11-14 02:56:22

[SECURITY] Fedora 28 Update: python-requests-2.20.0-1.fc28

2018-11-07 02:05:47

mageia

Updated python-requests packages fix security vulnerability

2018-12-03 01:15:20

kitploit

Packj - Large-Scale Security Analysis Platform To Detect Malicious/Risky Open-Source Packages

2022-08-10 12:30:00

centos

python security update

2019-08-30 04:03:34

python security update

2020-03-25 19:10:05

python3 security update

2020-03-18 19:33:57

amazon

Low: python-requests

2019-10-21 18:01:00

Medium: python-virtualenv

2020-04-20 20:48:00

almalinux

python-requests bug fix update

2019-11-05 20:50:57

Moderate: python27:2.7 security, bug fix, and enhancement update

2020-04-28 08:55:59

redhatcve

CVE-2018-18074

2020-04-03 01:55:49

cvelist

CVE-2018-18074

2018-10-09 15:00:00

rocky

python-requests bug fix update

2019-11-05 20:50:57

python27:2.7 security, bug fix, and enhancement update

2020-04-28 08:55:59

oraclelinux

python-requests security update

2019-08-13 00:00:00

python-virtualenv security update

2020-03-18 00:00:00

python-virtualenv security update

2020-05-19 00:00:00

veracode

Information Disclosure

2018-10-10 02:26:19

nvd

CVE-2018-18074

2018-10-09 17:29:01

huntr

Exposure of Sensitive Information to an Unauthorized Actor in node-fetch/node-fetch

2022-02-12 17:07:46

Exposure of Sensitive Information to an Unauthorized Actor in follow-redirects/follow-redirects

2022-02-08 02:23:55

photon

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2019-1.0-0221

2019-04-01 00:00:00

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2019-2.0-0147

2019-04-01 00:00:00

Critical Photon OS Security Update - PHSA-2019-0147

2019-04-01 00:00:00

ibm

Security Bulletin: IBM QRadar Assistant App for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

2024-04-29 16:48:58

Security Bulletin: IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

2021-01-27 00:05:29

Security Bulletin: Cloud Pak for Security uses packages that are vulnerable to multiple CVEs

2023-03-08 18:05:21

rosalinux

Advisory ROSA-SA-2021-1957

2021-07-02 18:03:40

oracle

Oracle Critical Patch Update Advisory - July 2022

2022-07-19 00:00:00

Oracle Critical Patch Update Advisory - April 2023

2023-04-18 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

EPSS

0.004

Percentile

72.2%

JSON

Related for OSV:PYSEC-2018-28