Search for packages
| purl | pkg:deb/debian/requests@0.12.1-1%2Bdeb7u1 |
| Next non-vulnerable version | 2.21.0-1 |
| Latest non-vulnerable version | 2.32.3+dfsg-5+deb13u1 |
| Risk | 4.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-4uhh-qs7z-bffx
Aliases: CVE-2014-1830 GHSA-652x-xj99-gmcc PYSEC-2014-14 |
Requests (aka python-requests) before 2.3.0 allows remote servers to obtain sensitive information by reading the Proxy-Authorization header in a redirected request. |
Affected by 1 other vulnerability. |
|
VCID-b16q-djxv-m7c2
Aliases: CVE-2015-2296 GHSA-pg2w-x9wp-vw92 PYSEC-2015-17 |
The resolve_redirects function in sessions.py in requests 2.1.0 through 2.5.3 allows remote attackers to conduct session fixation attacks via a cookie without a host value in a redirect. |
Affected by 1 other vulnerability. |
|
VCID-jgyy-eapg-f7c3
Aliases: CVE-2014-1829 GHSA-cfj3-7x9c-4p3h PYSEC-2014-13 |
Requests (aka python-requests) before 2.3.0 allows remote servers to obtain a netrc password by reading the Authorization header in a redirected request. |
Affected by 1 other vulnerability. |
|
VCID-pd4x-3cee-t7g3
Aliases: CVE-2018-18074 GHSA-x84v-xcm2-53pg PYSEC-2018-28 |
The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network. |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||