VulnerableCode Package Details - pkg:deb/debian/requests@2.4.3-6

Search for packages

Vulnerability	Summary	Fixed by
VCID-pd4x-3cee-t7g3 Aliases: CVE-2018-18074 GHSA-x84v-xcm2-53pg PYSEC-2018-28	The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network.	2.21.0-1 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-pd4x-3cee-t7g3
Aliases:
CVE-2018-18074
GHSA-x84v-xcm2-53pg
PYSEC-2018-28

The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network.

2.21.0-1
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-4uhh-qs7z-bffx	Requests (aka python-requests) before 2.3.0 allows remote servers to obtain sensitive information by reading the Proxy-Authorization header in a redirected request.	CVE-2014-1830 GHSA-652x-xj99-gmcc PYSEC-2014-14
VCID-b16q-djxv-m7c2	The resolve_redirects function in sessions.py in requests 2.1.0 through 2.5.3 allows remote attackers to conduct session fixation attacks via a cookie without a host value in a redirect.	CVE-2015-2296 GHSA-pg2w-x9wp-vw92 PYSEC-2015-17
VCID-jgyy-eapg-f7c3	Requests (aka python-requests) before 2.3.0 allows remote servers to obtain a netrc password by reading the Authorization header in a redirected request.	CVE-2014-1829 GHSA-cfj3-7x9c-4p3h PYSEC-2014-13

Vulnerability

Summary

Aliases

VCID-4uhh-qs7z-bffx

Requests (aka python-requests) before 2.3.0 allows remote servers to obtain sensitive information by reading the Proxy-Authorization header in a redirected request.

CVE-2014-1830
GHSA-652x-xj99-gmcc
PYSEC-2014-14

VCID-b16q-djxv-m7c2

The resolve_redirects function in sessions.py in requests 2.1.0 through 2.5.3 allows remote attackers to conduct session fixation attacks via a cookie without a host value in a redirect.

CVE-2015-2296
GHSA-pg2w-x9wp-vw92
PYSEC-2015-17

VCID-jgyy-eapg-f7c3

Requests (aka python-requests) before 2.3.0 allows remote servers to obtain a netrc password by reading the Authorization header in a redirected request.

CVE-2014-1829
GHSA-cfj3-7x9c-4p3h
PYSEC-2014-13

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T01:02:02.301852+00:00	Debian Oval Importer	Affected by	VCID-pd4x-3cee-t7g3	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T23:02:36.082544+00:00	Debian Oval Importer	Fixing	VCID-jgyy-eapg-f7c3	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T21:49:59.409378+00:00	Debian Oval Importer	Fixing	VCID-4uhh-qs7z-bffx	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T19:29:54.241664+00:00	Debian Oval Importer	Fixing	VCID-b16q-djxv-m7c2	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-12T00:34:11.528148+00:00	Debian Oval Importer	Affected by	VCID-pd4x-3cee-t7g3	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T22:38:47.269793+00:00	Debian Oval Importer	Fixing	VCID-jgyy-eapg-f7c3	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T21:28:30.009430+00:00	Debian Oval Importer	Fixing	VCID-4uhh-qs7z-bffx	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T19:12:48.510696+00:00	Debian Oval Importer	Fixing	VCID-b16q-djxv-m7c2	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-09T00:04:23.806935+00:00	Debian Oval Importer	Affected by	VCID-pd4x-3cee-t7g3	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T22:14:00.946429+00:00	Debian Oval Importer	Fixing	VCID-jgyy-eapg-f7c3	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T21:06:54.307107+00:00	Debian Oval Importer	Fixing	VCID-4uhh-qs7z-bffx	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T18:56:50.230604+00:00	Debian Oval Importer	Fixing	VCID-b16q-djxv-m7c2	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0