Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/requests@2.10.0

Type pypi

Namespace

Name requests

Version 2.10.0

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 2.31.0

Latest_non_vulnerable_version 2.31.0

Affected_by_vulnerabilities

url VCID-k5e5-nfns-gyd8

vulnerability_id VCID-k5e5-nfns-gyd8

summary Requests is a HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. This is a product of how we use `rebuild_proxies` to reattach the `Proxy-Authorization` header to requests. For HTTP connections sent through the tunnel, the proxy will identify the header in the request itself and remove it prior to forwarding to the destination server. However when sent over HTTPS, the `Proxy-Authorization` header must be sent in the CONNECT request as the proxy has no visibility into the tunneled request. This results in Requests forwarding proxy credentials to the destination server unintentionally, allowing a malicious actor to potentially exfiltrate sensitive information. This issue has been patched in version 2.31.0.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-32681.json

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-32681.json

reference_url

https://github.com/psf/requests

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/psf/requests

reference_url

https://github.com/psf/requests/commit/74ea7cf7a6a27a4eeb2ae24e162bcc942a6706d5

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/psf/requests/commit/74ea7cf7a6a27a4eeb2ae24e162bcc942a6706d5

reference_url

https://github.com/psf/requests/releases/tag/v2.31.0

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/psf/requests/releases/tag/v2.31.0

reference_url

https://github.com/psf/requests/security/advisories/GHSA-j8r2-6x86-q33q

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/psf/requests/security/advisories/GHSA-j8r2-6x86-q33q

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/requests/PYSEC-2023-74.yaml

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/requests/PYSEC-2023-74.yaml

reference_url

https://lists.debian.org/debian-lts-announce/2023/06/msg00018.html

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2023/06/msg00018.html

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AW7HNFGYP44RT3DUDQXG2QT3OEV2PJ7Y

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AW7HNFGYP44RT3DUDQXG2QT3OEV2PJ7Y

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AW7HNFGYP44RT3DUDQXG2QT3OEV2PJ7Y/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AW7HNFGYP44RT3DUDQXG2QT3OEV2PJ7Y/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KOYASTZDGQG2BWLSNBPL3TQRL2G7QYNZ

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KOYASTZDGQG2BWLSNBPL3TQRL2G7QYNZ

reference_url

https://security.gentoo.org/glsa/202309-08

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.gentoo.org/glsa/202309-08

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036693
reference_id	1036693
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036693

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2209469
reference_id	2209469
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2209469

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-32681

reference_id

CVE-2023-32681

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-32681

reference_url	https://github.com/advisories/GHSA-j8r2-6x86-q33q
reference_id	GHSA-j8r2-6x86-q33q
reference_type
scores
url	https://github.com/advisories/GHSA-j8r2-6x86-q33q

reference_url	https://access.redhat.com/errata/RHSA-2023:4350
reference_id	RHSA-2023:4350
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4350

reference_url	https://access.redhat.com/errata/RHSA-2023:4520
reference_id	RHSA-2023:4520
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4520

reference_url	https://access.redhat.com/errata/RHSA-2023:4693
reference_id	RHSA-2023:4693
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4693

reference_url	https://access.redhat.com/errata/RHSA-2023:6793
reference_id	RHSA-2023:6793
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:6793

reference_url	https://access.redhat.com/errata/RHSA-2023:6818
reference_id	RHSA-2023:6818
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:6818

reference_url	https://access.redhat.com/errata/RHSA-2023:7034
reference_id	RHSA-2023:7034
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7034

reference_url	https://access.redhat.com/errata/RHSA-2023:7042
reference_id	RHSA-2023:7042
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7042

reference_url	https://access.redhat.com/errata/RHSA-2023:7050
reference_id	RHSA-2023:7050
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7050

reference_url	https://access.redhat.com/errata/RHSA-2024:0299
reference_id	RHSA-2024:0299
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0299

fixed_packages

url	pkg:pypi/requests@2.31.0
purl	pkg:pypi/requests@2.31.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:pypi/requests@2.31.0

aliases CVE-2023-32681, GHSA-j8r2-6x86-q33q, PYSEC-2023-74

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k5e5-nfns-gyd8

url VCID-y16k-z2b6-8bam

vulnerability_id VCID-y16k-z2b6-8bam

summary The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network.

references

reference_url

http://docs.python-requests.org/en/master/community/updates/#release-and-version-history

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://docs.python-requests.org/en/master/community/updates/#release-and-version-history

reference_url

http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00024.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00024.html

reference_url

https://access.redhat.com/errata/RHSA-2019:2035

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2019:2035

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-18074.json

reference_id

reference_type

scores

value	2.6
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-18074.json

reference_url

https://bugs.debian.org/910766

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugs.debian.org/910766

reference_url	https://github.com/advisories/GHSA-x84v-xcm2-53pg
reference_id
reference_type
scores
url	https://github.com/advisories/GHSA-x84v-xcm2-53pg

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/requests/PYSEC-2018-28.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/requests/PYSEC-2018-28.yaml

reference_url

https://github.com/requests/requests

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/requests/requests

reference_url

https://github.com/requests/requests/commit/c45d7c49ea75133e52ab22a8e9e13173938e36ff

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/requests/requests/commit/c45d7c49ea75133e52ab22a8e9e13173938e36ff

reference_url

https://github.com/requests/requests/issues/4716

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/requests/requests/issues/4716

reference_url

https://github.com/requests/requests/pull/4718

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/requests/requests/pull/4718

reference_url

https://usn.ubuntu.com/3790-1

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://usn.ubuntu.com/3790-1

reference_url	https://usn.ubuntu.com/3790-1/
reference_id
reference_type
scores
url	https://usn.ubuntu.com/3790-1/

reference_url

https://usn.ubuntu.com/3790-2

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://usn.ubuntu.com/3790-2

reference_url	https://usn.ubuntu.com/3790-2/
reference_id
reference_type
scores
url	https://usn.ubuntu.com/3790-2/

reference_url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1643829
reference_id	1643829
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1643829

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=910766
reference_id	910766
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=910766

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-18074

reference_id

CVE-2018-18074

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-18074

reference_url	https://access.redhat.com/errata/RHSA-2020:0850
reference_id	RHSA-2020:0850
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:0850

reference_url	https://access.redhat.com/errata/RHSA-2020:0851
reference_id	RHSA-2020:0851
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:0851

reference_url	https://access.redhat.com/errata/RHSA-2020:1605
reference_id	RHSA-2020:1605
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:1605

reference_url	https://access.redhat.com/errata/RHSA-2020:1916
reference_id	RHSA-2020:1916
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:1916

reference_url	https://access.redhat.com/errata/RHSA-2020:2068
reference_id	RHSA-2020:2068
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2068

reference_url	https://access.redhat.com/errata/RHSA-2020:2081
reference_id	RHSA-2020:2081
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2081

fixed_packages

url pkg:pypi/requests@2.20.0

purl pkg:pypi/requests@2.20.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-k5e5-nfns-gyd8

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/requests@2.20.0

aliases CVE-2018-18074, GHSA-x84v-xcm2-53pg, PYSEC-2018-28

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y16k-z2b6-8bam

Fixing_vulnerabilities

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/requests@2.10.0

Package Instance