{"url":"http://public2.vulnerablecode.io/api/packages/1055583?format=json","purl":"pkg:deb/debian/requests@2.0.0-1~bpo70%2B2","type":"deb","namespace":"debian","name":"requests","version":"2.0.0-1~bpo70+2","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2.21.0-1","latest_non_vulnerable_version":"2.32.3+dfsg-5+deb13u1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5440?format=json","vulnerability_id":"VCID-4uhh-qs7z-bffx","summary":"Requests (aka python-requests) before 2.3.0 allows remote servers to obtain sensitive information by reading the Proxy-Authorization header in a redirected request.","references":[{"reference_url":"http://advisories.mageia.org/MGASA-2014-0409.html","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://advisories.mageia.org/MGASA-2014-0409.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2016-01/msg00095.html","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2016-01/msg00095.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-1830.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-1830.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-1830","reference_id":"","reference_type":"","scores":[{"value":"0.00464","scoring_system":"epss","scoring_elements":"0.64408","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00464","scoring_system":"epss","scoring_elements":"0.64438","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00464","scoring_system":"epss","scoring_elements":"0.64392","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00464","scoring_system":"epss","scoring_elements":"0.64348","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00464","scoring_system":"epss","scoring_elements":"0.64376","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00464","scoring_system":"epss","scoring_elements":"0.64375","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00464","scoring_system":"epss","scoring_elements":"0.64362","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00464","scoring_system":"epss","scoring_elements":"0.64342","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00464","scoring_system":"epss","scoring_elements":"0.64352","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00464","scoring_system":"epss","scoring_elements":"0.64341","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00464","scoring_system":"epss","scoring_elements":"0.64306","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00464","scoring_system":"epss","scoring_elements":"0.64335","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00464","scoring_system":"epss","scoring_elements":"0.64346","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00464","scoring_system":"epss","scoring_elements":"0.64334","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00464","scoring_system":"epss","scoring_elements":"0.64227","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00464","scoring_system":"epss","scoring_elements":"0.64319","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00464","scoring_system":"epss","scoring_elements":"0.64285","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00464","scoring_system":"epss","scoring_elements":"0.64314","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00464","scoring_system":"epss","scoring_elements":"0.64271","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00464","scoring_system":"epss","scoring_elements":"0.64493","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00464","scoring_system":"epss","scoring_elements":"0.64486","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00464","scoring_system":"epss","scoring_elements":"0.64433","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-1830"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=733108","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=733108"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1829","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1829"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1830","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1830"},{"reference_url":"https://github.com/advisories/GHSA-652x-xj99-gmcc","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-652x-xj99-gmcc"},{"reference_url":"https://github.com/kennethreitz/requests/issues/1885","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/kennethreitz/requests/issues/1885"},{"reference_url":"https://github.com/psf/requests","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/psf/requests"},{"reference_url":"https://github.com/psf/requests/issues/1885","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/psf/requests/issues/1885"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/requests/PYSEC-2014-14.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/requests/PYSEC-2014-14.yaml"},{"reference_url":"https://web.archive.org/web/20150523055216/http://www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015:133/?name=MDVSA-2015:133","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20150523055216/http://www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015:133/?name=MDVSA-2015:133"},{"reference_url":"http://www.debian.org/security/2015/dsa-3146","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2015/dsa-3146"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2015:133","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2015:133"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1144907","reference_id":"1144907","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1144907"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:requests:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:python:requests:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:requests:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-1830","reference_id":"CVE-2014-1830","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-1830"},{"reference_url":"https://usn.ubuntu.com/2382-1/","reference_id":"USN-2382-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2382-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1055584?format=json","purl":"pkg:deb/debian/requests@2.4.3-6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-pd4x-3cee-t7g3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/requests@2.4.3-6"}],"aliases":["CVE-2014-1830","GHSA-652x-xj99-gmcc","PYSEC-2014-14"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4uhh-qs7z-bffx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5465?format=json","vulnerability_id":"VCID-b16q-djxv-m7c2","summary":"The resolve_redirects function in sessions.py in requests 2.1.0 through 2.5.3 allows remote attackers to conduct session fixation attacks via a cookie without a host value in a redirect.","references":[{"reference_url":"http://advisories.mageia.org/MGASA-2015-0120.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://advisories.mageia.org/MGASA-2015-0120.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153594.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153594.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2296.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2296.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2296","reference_id":"","reference_type":"","scores":[{"value":"0.0114","scoring_system":"epss","scoring_elements":"0.78609","published_at":"2026-05-15T12:55:00Z"},{"value":"0.0114","scoring_system":"epss","scoring_elements":"0.7844","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0114","scoring_system":"epss","scoring_elements":"0.78439","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0114","scoring_system":"epss","scoring_elements":"0.78434","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0114","scoring_system":"epss","scoring_elements":"0.78467","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0114","scoring_system":"epss","scoring_elements":"0.78475","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0114","scoring_system":"epss","scoring_elements":"0.7849","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0114","scoring_system":"epss","scoring_elements":"0.78504","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0114","scoring_system":"epss","scoring_elements":"0.78528","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0114","scoring_system":"epss","scoring_elements":"0.78544","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0114","scoring_system":"epss","scoring_elements":"0.78542","published_at":"2026-05-11T12:55:00Z"},{"value":"0.0114","scoring_system":"epss","scoring_elements":"0.78557","published_at":"2026-05-12T12:55:00Z"},{"value":"0.0114","scoring_system":"epss","scoring_elements":"0.78595","published_at":"2026-05-14T12:55:00Z"},{"value":"0.0114","scoring_system":"epss","scoring_elements":"0.78357","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0114","scoring_system":"epss","scoring_elements":"0.78363","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0114","scoring_system":"epss","scoring_elements":"0.78394","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0114","scoring_system":"epss","scoring_elements":"0.78378","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0114","scoring_system":"epss","scoring_elements":"0.78405","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0114","scoring_system":"epss","scoring_elements":"0.7841","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0114","scoring_system":"epss","scoring_elements":"0.78436","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0114","scoring_system":"epss","scoring_elements":"0.78419","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0114","scoring_system":"epss","scoring_elements":"0.78411","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2296"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2296","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2296"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"1.8","scoring_system":"cvssv2","scoring_elements":"AV:A/AC:H/Au:N/C:P/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/kennethreitz/requests/commit/3bd8afbff29e50b38f889b2f688785a669b9aafc","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/kennethreitz/requests/commit/3bd8afbff29e50b38f889b2f688785a669b9aafc"},{"reference_url":"https://github.com/psf/requests","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/psf/requests"},{"reference_url":"https://github.com/psf/requests/commit/3bd8afbff29e50b38f889b2f688785a669b9aafc","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/psf/requests/commit/3bd8afbff29e50b38f889b2f688785a669b9aafc"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/requests/PYSEC-2015-17.yaml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/requests/PYSEC-2015-17.yaml"},{"reference_url":"https://warehouse.python.org/project/requests/2.6.0","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://warehouse.python.org/project/requests/2.6.0"},{"reference_url":"https://warehouse.python.org/project/requests/2.6.0/","reference_id":"","reference_type":"","scores":[],"url":"https://warehouse.python.org/project/requests/2.6.0/"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2015:133","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2015:133"},{"reference_url":"http://www.openwall.com/lists/oss-security/2015/03/14/4","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2015/03/14/4"},{"reference_url":"http://www.openwall.com/lists/oss-security/2015/03/15/1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2015/03/15/1"},{"reference_url":"http://www.ubuntu.com/usn/USN-2531-1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.ubuntu.com/usn/USN-2531-1"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1202904","reference_id":"1202904","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1202904"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780506","reference_id":"780506","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780506"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-2296","reference_id":"CVE-2015-2296","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-2296"},{"reference_url":"https://github.com/advisories/GHSA-pg2w-x9wp-vw92","reference_id":"GHSA-pg2w-x9wp-vw92","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-pg2w-x9wp-vw92"},{"reference_url":"https://usn.ubuntu.com/2531-1/","reference_id":"USN-2531-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2531-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1055584?format=json","purl":"pkg:deb/debian/requests@2.4.3-6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-pd4x-3cee-t7g3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/requests@2.4.3-6"}],"aliases":["CVE-2015-2296","GHSA-pg2w-x9wp-vw92","PYSEC-2015-17"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b16q-djxv-m7c2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5441?format=json","vulnerability_id":"VCID-jgyy-eapg-f7c3","summary":"Requests (aka python-requests) before 2.3.0 allows remote servers to obtain a netrc password by reading the Authorization header in a redirected request.","references":[{"reference_url":"http://advisories.mageia.org/MGASA-2014-0409.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://advisories.mageia.org/MGASA-2014-0409.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-1829.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-1829.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-1829","reference_id":"","reference_type":"","scores":[{"value":"0.00495","scoring_system":"epss","scoring_elements":"0.65871","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00495","scoring_system":"epss","scoring_elements":"0.65853","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00495","scoring_system":"epss","scoring_elements":"0.65882","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00495","scoring_system":"epss","scoring_elements":"0.65837","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00495","scoring_system":"epss","scoring_elements":"0.65816","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00495","scoring_system":"epss","scoring_elements":"0.6572","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00495","scoring_system":"epss","scoring_elements":"0.65937","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00495","scoring_system":"epss","scoring_elements":"0.65927","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00495","scoring_system":"epss","scoring_elements":"0.65791","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00495","scoring_system":"epss","scoring_elements":"0.65757","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00495","scoring_system":"epss","scoring_elements":"0.65787","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00495","scoring_system":"epss","scoring_elements":"0.65801","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00495","scoring_system":"epss","scoring_elements":"0.6578","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00495","scoring_system":"epss","scoring_elements":"0.65769","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00495","scoring_system":"epss","scoring_elements":"0.65716","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00495","scoring_system":"epss","scoring_elements":"0.6575","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00495","scoring_system":"epss","scoring_elements":"0.6567","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00495","scoring_system":"epss","scoring_elements":"0.65805","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00495","scoring_system":"epss","scoring_elements":"0.65792","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00495","scoring_system":"epss","scoring_elements":"0.65806","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-1829"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=733108","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=733108"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1829","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1829"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1830","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1830"},{"reference_url":"https://github.com/advisories/GHSA-cfj3-7x9c-4p3h","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-cfj3-7x9c-4p3h"},{"reference_url":"https://github.com/kennethreitz/requests/issues/1885","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/kennethreitz/requests/issues/1885"},{"reference_url":"https://github.com/psf/requests","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/psf/requests"},{"reference_url":"https://github.com/psf/requests/issues/1885","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/psf/requests/issues/1885"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/requests/PYSEC-2014-13.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/requests/PYSEC-2014-13.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-1829","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-1829"},{"reference_url":"https://web.archive.org/web/20150523055216/http://www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015:133/?name=MDVSA-2015:133","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20150523055216/http://www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015:133/?name=MDVSA-2015:133"},{"reference_url":"http://www.debian.org/security/2015/dsa-3146","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2015/dsa-3146"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2015:133","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2015:133"},{"reference_url":"http://www.ubuntu.com/usn/USN-2382-1","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.ubuntu.com/usn/USN-2382-1"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1046626","reference_id":"1046626","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1046626"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:requests:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:python:requests:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:requests:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:mageia:mageia:4.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:mageia:mageia:4.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:mageia:mageia:4.0:*:*:*:*:*:*:*"},{"reference_url":"https://usn.ubuntu.com/2382-1/","reference_id":"USN-2382-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2382-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1055584?format=json","purl":"pkg:deb/debian/requests@2.4.3-6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-pd4x-3cee-t7g3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/requests@2.4.3-6"}],"aliases":["CVE-2014-1829","GHSA-cfj3-7x9c-4p3h","PYSEC-2014-13"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jgyy-eapg-f7c3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5794?format=json","vulnerability_id":"VCID-pd4x-3cee-t7g3","summary":"The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network.","references":[{"reference_url":"http://docs.python-requests.org/en/master/community/updates/#release-and-version-history","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://docs.python-requests.org/en/master/community/updates/#release-and-version-history"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00024.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00024.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2035","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:2035"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-18074.json","reference_id":"","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-18074.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-18074","reference_id":"","reference_type":"","scores":[{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.38593","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.38681","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.38569","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.38494","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.38557","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.38544","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.3847","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.38574","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.39929","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.40104","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00243","scoring_system":"epss","scoring_elements":"0.47487","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00243","scoring_system":"epss","scoring_elements":"0.47456","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00243","scoring_system":"epss","scoring_elements":"0.47508","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00243","scoring_system":"epss","scoring_elements":"0.47457","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00243","scoring_system":"epss","scoring_elements":"0.47512","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00243","scoring_system":"epss","scoring_elements":"0.47531","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00243","scoring_system":"epss","scoring_elements":"0.47507","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00243","scoring_system":"epss","scoring_elements":"0.47514","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00243","scoring_system":"epss","scoring_elements":"0.47573","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00243","scoring_system":"epss","scoring_elements":"0.47566","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-18074"},{"reference_url":"https://bugs.debian.org/910766","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.debian.org/910766"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18074","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18074"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/advisories/GHSA-x84v-xcm2-53pg","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-x84v-xcm2-53pg"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/requests/PYSEC-2018-28.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/requests/PYSEC-2018-28.yaml"},{"reference_url":"https://github.com/requests/requests","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/requests/requests"},{"reference_url":"https://github.com/requests/requests/commit/c45d7c49ea75133e52ab22a8e9e13173938e36ff","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/requests/requests/commit/c45d7c49ea75133e52ab22a8e9e13173938e36ff"},{"reference_url":"https://github.com/requests/requests/issues/4716","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/requests/requests/issues/4716"},{"reference_url":"https://github.com/requests/requests/pull/4718","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/requests/requests/pull/4718"},{"reference_url":"https://usn.ubuntu.com/3790-1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/3790-1"},{"reference_url":"https://usn.ubuntu.com/3790-1/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3790-1/"},{"reference_url":"https://usn.ubuntu.com/3790-2","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/3790-2"},{"reference_url":"https://usn.ubuntu.com/3790-2/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3790-2/"},{"reference_url":"https://www.oracle.com/security-alerts/cpujul2022.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpujul2022.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1643829","reference_id":"1643829","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1643829"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=910766","reference_id":"910766","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=910766"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-18074","reference_id":"CVE-2018-18074","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-18074"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0850","reference_id":"RHSA-2020:0850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0850"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0851","reference_id":"RHSA-2020:0851","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0851"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1605","reference_id":"RHSA-2020:1605","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1605"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1916","reference_id":"RHSA-2020:1916","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1916"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2068","reference_id":"RHSA-2020:2068","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2068"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2081","reference_id":"RHSA-2020:2081","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2081"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1059521?format=json","purl":"pkg:deb/debian/requests@2.21.0-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/requests@2.21.0-1"}],"aliases":["CVE-2018-18074","GHSA-x84v-xcm2-53pg","PYSEC-2018-28"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pd4x-3cee-t7g3"}],"fixing_vulnerabilities":[],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/requests@2.0.0-1~bpo70%252B2"}