Lucene search
Veracode Vulnerability DatabaseVERACODE:33983HistoryFeb 03, 2022 - 6:56 a.m.
Information Disclosure
2022-02-0306:56:04
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
9
treq
vulnerability
information disclosure
cookies
software
EPSS
0.002
Percentile
62.0%
treq is vulnerable to information disclosure. Treq’s request methods (treq.get, treq.post, etc.) and treq.client.HTTPClient constructor passes a dictionary as the cookies argument, leaking information upon an HTTP redirect to a different domain., e.g. should https://example.com redirect to http://cloudstorageprovider.com the latter will receive the cookie session.
Related
prion
prion
Design/Logic Flaw
2022-02-01 11:15:00
suse
suse
Security update for python-treq (moderate)
2022-08-24 00:00:00
osv
osv
python-treq - security update
2022-03-18 00:00:00
PYSEC-2022-26
2022-02-01 11:15:00
CVE-2022-23607
2022-02-01 11:15:11
openvas
openvas
Debian: Security Advisory (DLA-2954-1)
2022-03-19 00:00:00
nvd
nvd
CVE-2022-23607
2022-02-01 11:15:11
cvelist
cvelist
CVE-2022-23607 Unsafe handling of user-specified cookies in treq
2022-02-01 11:01:07
debian
debian
[SECURITY] [DLA 2954-1] python-treq security update
2022-03-18 10:46:27
freebsd
freebsd
py-treq -- sensitive information leak vulnerability
2022-02-01 00:00:00
debiancve
debiancve
CVE-2022-23607
2022-02-01 11:15:11
ubuntucve
ubuntucve
CVE-2022-23607
2022-02-01 00:00:00
nessus
nessus
cve
cve
CVE-2022-23607
2022-02-01 11:15:11
github
github
Unsafe handling of user-specified cookies in treq
2022-02-01 00:43:38